5625 matches found
JVN#00892830 Namazu cross-site scripting vulnerability
Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Update to t...
JVN#13159997 Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE is disabled in the default configuration. This vulnerability may allow a remote attacker to access the web administration interface without authentication...
JVN#79114735 Google Desktop cross-site scripting vulnerability
Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution According to the vendor, this vulnerability has been fixed in Google...
JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact The impacts vary depending on t...
JVN#10606373 BFup ActiveX Control buffer overflow vulnerability
BFup ActiveX Control is developed by an individual that provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability. According to the developer of BFup ActiveX Control, this vulnerability only exists in BFup ActiveX Control developed by the...
JVN#21312708 MTCMS WYSIWYG Editor cross-site scripting vulnerability
MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Workarounds The vendor...
JVN#95014590 Zimbra Collaboration Suite script execution vulnerability
Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book, webmail, and other functions. Zimbra Collaboration Suite 4.0.3 and 4.5.6 contain a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact If a us...
JVN#10056705 FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer series are digital multifunction copiers and printers. Some of these products contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server...
JVN#53757727 Nagios cross-site scripting vulnerability
Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the software to the latest version accordi...
JVN#54593414 Cross-site scripting vulnerability in multiple Tor World CGI scripts
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update...
JVN#42381549 Internet Scanner reporting engine vulnerable to cross-site scripting
IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the...
JVN#09470767 Apache Tomcat fails to properly handle cookie value
Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages. Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. The...
JVN#38893575 PC2M cross-site scripting vulnerability
PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...
JVN#91868305 RaidenHTTPD cross-site scripting vulnerability
RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products...
JVN#01162446 Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products
Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. For more information, refer to the vendor's website...
JVN#88575577 Multiple Yamaha routers vulnerable to cross-site request forgery
Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configuration...
JVN#08237857 Multiple JustSystems products vulnerable to buffer overflow
Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Impact If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code...
JVN#33044255 GreaseKit and Creammonkey allows execution of userscript functions
GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit and Creammonkey are vulnerable in allowing APIs called from a web page. Impact When a user views a specially crafted web...
JVN#44736880 WinAce buffer overflow vulnerability
WinAce provided by e-merge GmbH is software to compress and decompress files in multiple types of compression format. WinAce is vulnerable to buffer overflow. When WinAce decompresses a specially crafted file, this vulnerability can be exploited to execute arbitrary code with the privilege of the...
JVN#89292430 Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server
Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web...
JVN#45675516 Flash Player vulnerable in handling cross-domain policy files
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automaticall...
JVN#50876069 Flash Player allows to send arbitrary HTTP headers
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack...
JVN#75130343 Google Web Toolkit vulnerable to cross-site scripting
Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Updat...
JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...
JVN#52846259 JP1/Cm2/Network Node Manager vulnerable to cross-site scripting
Hitachi JP1/Cm2/Network Node Manager NNM is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software...
JVN#23120863 Rainboard cross-site scripting vulnerability
The Rainboard bulletin board software provided by UDON is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected Rainboard 2.02 and earlier...
JVN#77414947 Cybozu Office denial of service (DoS) vulnerability
Cybozu Office, web-based groupware, is vulnerable to a denial of service DoS attack because it fails to properly handle specially crafted HTTP requests. Impact A remote attacker can cause a denial of service DoS against the server. Solution Update the Software For more information, refer to the...
JVN#90712589 Multiple Cybozu products vulnerable to cross-site scripting
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....
JVN#50342989 Multiple Cybozu products vulnerable to cross-site scripting
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....
JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...
JVN#02854109 HttpLogger vulnerable to cross-site scripting
Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. For more information, ref...
JVN#66291445 SonicStage CP buffer overflow vulnerability
Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a specially crafted playlist file with the .m3u extension can cau...
JVN#82610488 Lhaplus buffer overflow vulnerability
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...
JVN#55833292 FileMaker cross-site scripting vulnerability
FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web. Impact An attacker could execute an arbitrary script on the web browser of a user who...
JVN#33218020 Feed2JS cross-site scripting vulnerability
Feed2JS Feed to JavaScript is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the user's web browser. Solution Update the Software Apply the latest updates...
JVN#33820033 RoundCube Webmail cross-site request forgery vulnerability
RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines. Impact Information such as email subject lines may be disclosed on the web...
JVN#65427327 Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web...
JVN#99453765 Cross-site scripting vulnerability in updir.php in UPDIR.NET
updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload image files, etc. on the web server and publish and manage the uploaded files. updir.php contains a cross-site scripting vulnerabili...
JVN#84565055 Lotus Domino cross-site scripting vulnerability
IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the web browser of a user who accesses a Lotus Domino server. Solution Update the Software For Lotus Domino...
JVN#79295963 NetCommons cross-site scripting vulnerability
NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This vulnerability is different from JVN51301450. Impact An attacker could execute an arbitrary script on...
JVN#50495547 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...
JVN#32981509 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...
JVN#29211062 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...
JVN#63304072 MouseoverDictionary vulnerable to arbitrary script execution
MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script on the user's web browser as it does not handle the sidebar HTML page properly. Impact An attacker could execute an arbitrary...
JVN#71872818 AirStation series and BroadStation series vulnerable to cross-site request forgery
Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery. Impact If the administrator of such a produ...
JVN#61323184 PowerArchiver buffer overflow vulnerability
PowerArchiver, file compression/decompression software from ConeXware, Inc. supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, an attacker could execute arbitrary code with the privileges of the user. Impact An attacke...
JVN#61208749 Webmin OS command injection vulnerability
Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by entering a specially crafted URL. Impact An attacker could execute arbitrary OS commands with Local System privileges on a computer where...
JVN#79013771 Safari allows access from HTTP to HTTPS
Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain. Impact A remote attacker could obtain or change the web page contents protected by...
JVN#70075625 Aipo session fixation vulnerability
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker. Impact This vulnerability may allo...
JVN#70734805 Lhaplus buffer overflow vulnerability
Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user. Impact Arbitrary code could be executed with the...