Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/07 12:0 a.m.•17 views

JVN#35677737 Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files

Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools. Impact A remote attacker could use hidden folders for unintended...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/06 12:0 a.m.•15 views

JVN#01913089 Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal

httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could, without authentication, view files on the server where httpd.pl is installed. This could lead to unintentional...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/06 12:0 a.m.•14 views

JVN#75899905 Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code

Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request. Impact An attacker may be able to view CGI source co...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/05 12:0 a.m.•47 views

JVN#62868899 7-ZIP32.DLL buffer overflow vulnerability

7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is based on "Integrated Archiver API Specification", and called from the compression/decompression software. 7-ZIP32.DLL contains a buffer overflow vulnerability. I...

6.8CVSS7.8AI score0.05556EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/03 12:0 a.m.•17 views

JVN#43091983 Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting

Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Ver 1.1.0 and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/31 12:0 a.m.•12 views

JVN#20452446 Shopping Basket Pro directory traversal vulnerability

Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact A remote attacker could obtain a list of the file and directory names on the server where Shopping Basket Pro is installed. Solution Update the Software Apply t...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/27 12:0 a.m.•12 views

JVN#82276964 Tuigwaa cross-site scripting vulnerability

Tuigwaa from the Tuigwaa Project is open source software to develop web applications. Tuigwaa contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. For mo...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/27 12:0 a.m.•18 views

JVN#38199598 Mayaa cross-site scripting vulnerability

Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. For more information, ref...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/15 12:0 a.m.•41 views

JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user supplied data. This enables a cross-site scripting attack. Impact An arbitrary script could be executed on the...

4.3CVSS7.1AI score0.58956EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/10 12:0 a.m.•10 views

JVN#66303599 WebCart cross-site scripting vulnerability

WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version provided by the vendor. For more...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/02 12:0 a.m.•40 views

JVN#16018033 Safari URL spoofing vulnerability

Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look alike to ASCII characters as URL strings. Impact As it i...

4.3CVSS6.3AI score0.02444EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/31 12:0 a.m.•20 views

JVN#43615794 Yayoi Kaikei improper handling of credential information

Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can obtain the customer number and the phone number to impersonate the user on...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/25 12:0 a.m.•27 views

JVN#25471539 Aruba Mobility Controller Series cross-site scripting vulnerability

Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page of the web management interface. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the patch Users of the products should apply...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/20 12:0 a.m.•14 views

JVN#34058672 Nessus report function vulnerable to arbitrary script execution

Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/11 12:0 a.m.•38 views

JVN#72595280 Flash Player allows to send arbitrary Referer headers

Adobe Flash Player is a multimedia and application browser plugin for viewing Adobe Flash contents. Flash Player contains a vulnerability allowing to send arbitrary Referer headers. Impact As a flash file swf can send an arbitrary Referer header and Flash Player cannot properly validate Referer...

4.3CVSS6.4AI score0.06727EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/09 12:0 a.m.•62 views

JVN#33593387 KDDI sample CGI download program directory traversal vulnerability

A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory traversal vulnerability exists in this program. Impact A remote anauthenticated attacker could access files on the server...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/27 12:0 a.m.•23 views

JVN#44532794 rktSNS cross-site scripting vulnerability

rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the update provided by the developer. For more...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/27 12:0 a.m.•19 views

JVN#74063879 sHTTPd cross-site scripting vulnerability

sHTTPd provided by anekos is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the developer. Products Affected sHTTPd version...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/25 12:0 a.m.•15 views

JVN#05187780 Hiki arbitrary file deletion vulnerability

Hiki contains a vulnerability that allows an arbitrary file to be deleted on a server running Hiki. This is caused by the improper handling of a session management file. Impact A remote attacker may be able to delete arbitrary files with the privilege of the user running Hiki. Solution Upgrade th...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/21 12:0 a.m.•20 views

JVN#90438169 RaidenHTTPD cross-site scripting vulnerability

RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on the user's web browser. Solution Update the Software Apply the update provided by the vendor. For more information,...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/19 12:0 a.m.•58 views

JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard. The developer ha...

2.6CVSS8.7AI score0.19889EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/18 12:0 a.m.•47 views

JVN#95019167 Internet Explorer vulnerable in handling MHTML protocol

When Internet Explorer accesses a website using MHTML MIME Encapsulation of Aggregate HTML, Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/18 12:0 a.m.•53 views

JVN#27203006 Internet Explorer vulnerable in MHTML handling

When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/15 12:0 a.m.•54 views

JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user'...

4.3CVSS7.3AI score0.77376EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/15 12:0 a.m.•35 views

JVN#07100457 Apache Tomcat cross-site scripting vulnerability

Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies. Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability. Impact When a user logs into Apache Tomcat Web Application Manager, an arbitrary...

3.5CVSS7.2AI score0.03291EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/14 12:0 a.m.•17 views

JVN#63602912 dotProject cross-site scripting vulnerability

This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, session hijacking could be conducted. Solution Update the Software The developer has released dotProject version 2...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/07 12:0 a.m.•28 views

JVN#23891849 ADPLAN cross-site scripting vulnerability

ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO search engine optimization module. A website that employs ADPLAN Version 3 service generates a web page using the HTTP header information sent from a client web browse...

6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/04 12:0 a.m.•15 views

JVN#89497739 Meneame cross-site scripting vulnerability

Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker could execute an arbitrary script on the user's web browser. As a result, an attacker could possibly conduc...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/01 12:0 a.m.•16 views

JVN#19240523 HP System Management Homepage cross-site scripting vulnerability

HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/01 12:0 a.m.•32 views

JVN#38605899 Mozilla Firefox cross-site scripting vulnerability

Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Mozilla has released Firefox 2.0.0.2 and...

4.3CVSS8.8AI score0.0213EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/18 12:0 a.m.•21 views

JVN#92832583 Advance-Flow cross-site scripting vulnerability

Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms. Impact An arbitrary script may be execute...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/16 12:0 a.m.•17 views

JVN#81294906 Homepage Builder sample CGI programs vulnerable to OS command injection

Among sample CGI programs included in Homepage Builder, anketo.cgi, kansou.cgi, and order.cgi contain an OS command injection vulnerability as they do not properly validate input data. Impact An arbitrary command could be executed on the web server with the privilege of the web server process...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/09 12:0 a.m.•13 views

JVN#36628264 Lunascape RSS reader arbitrary script execution vulnerability

Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution Products Affected Lunascape 4.1.3 build 2 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/08 12:0 a.m.•32 views

JVN#44724673: Java Web Start vulnerable to execution of unauthorized system classes

Java Web Start, included in the JRE Java Runtime Environment and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an...

10CVSS6.8AI score0.04959EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/19 12:0 a.m.•16 views

JVN#06735665 Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Impact An arbitrary script may be executed in the camera server management screen. Solution Products Affected VB100 and VB101 firmware Ver. 3.0 Rev.69 and earlier VB150 firmware Ver. 1.1 Rev.39 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/19 12:0 a.m.•52 views

JVN#19445002 APOP password recovery vulnerability

Impact APOP passwords may be compromised. When the same password is used for other systems, those systems could be compromised as well. Solution Products Affected Mail clients with an APOP implementation As this is a protocol issue, software fixes cannot solve the issue essentially. Encrypted...

2.6CVSS8.1AI score0.02423EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/17 12:0 a.m.•12 views

JVN#91305178 InfoBarrier4 self-decrypted file vulnerability

Impact The third party could view the contents of self-decrypted files or obtain the passwords used for self-decryption. Solution Products Affected InfoBarrier4 Standard Plus: V4.0L10, V4.0L20...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/16 12:0 a.m.•15 views

JVN#84646028 open-gorotto cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected open-gorotto 2.0a 04/07/2006 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/16 12:0 a.m.•18 views

JVN#62334841 Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability

Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOUT is installed without authentication. This could lead to unintentional disclosure of file contents. Solution Products Affected Shihonkanri Plus Ver2 GOOUT Ver2.1.7 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/30 12:0 a.m.•21 views

JVN#62399483 Overlay Weaver cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Overlay Weaver 0.5.9 - 0.5.11 For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/30 12:0 a.m.•9 views

JVN#40511721 MailDwarf cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected MailDwarf ver3.01 or earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/30 12:0 a.m.•19 views

JVN#08951968 MailDwarf vulnerability allows unauthorized sending of emails

Impact A remote attacker may be able to send unsolicited mails to arbitrary email addresses. Solution Products Affected MailDwarf ver3.01 or earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/29 12:0 a.m.•17 views

JVN#73258608 CruiseWorks and Minna De Office vulnerable in access restrictions

Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information registered. Solution Products Affected CruiseWorks 1.09e and earlier Minna De Office version 1.xx and 2.xx For more information, refer to the vendor...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/26 12:0 a.m.•27 views

JVN#86092776: BASP21 vulnerable in handling CRLF sequences

Impact An unauthenticated remote attacker may send an unintended email from a web application which its email function is implemented using BASP21. Solution Products Affected bsmtp.dll included in BASP21 2003.0211 Versions of BASP21 Pro earlier than 1,0,702,27...

6.4CVSS6.6AI score0.01449EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/22 12:0 a.m.•21 views

JVN#64227086 NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu. Arbitrary files on client PCs could be accessed by an attacker. Solution Products Affected NewsGlue 1.3.3 and earlier Ikinari Jijyoutsuu version 1.0.0 and 1.0.1...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/19 12:0 a.m.•13 views

JVN#83832818: Interstage Application Server cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected A wide range of products is affected. For more information, refer to the vendor's website...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/16 12:0 a.m.•24 views

JVN#19795972: FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability

Impact The third party could view the contents of self-decoding files and obtain the passwords used for the encryption of the files. Solution Products Affected All version levels of FENCE-Pro excluding V5 V5L01 Systemwalker Desktop Encryption: V12.0L10, V12.0L10A, V12.0L10B, V12.0L20, V13.0.0 For...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/13 12:0 a.m.•12 views

JVN#91706484 Trac cross-site scripting vulnerability

Impact A remote attacker could possibly execute an arbitrary script on the user's IE where the user views a Trac wiki content. Solution Products Affected trac 0.10.3 and earlier versions trac-0.10.3-ja-1 and earlier versions...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/12 12:0 a.m.•17 views

JVN#80126589 CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables

Impact When CCC cleaner scans a malicious UPX-packed executable file, CCC cleaner or the system itself may crash. Solution Products Affected CCC Cleaner CCC pattern Ver:321 and earlier For more information, refer to the vendor's website...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/16 12:0 a.m.•14 views

JVN#84746611 Ariel AirOne series cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Ariel AirOne ProjectA v4.6.1 Ariel MultiScheduler v4.6.3 For more information, refer to the vendor's website...

7.2AI score
Exploits0
Total number of security vulnerabilities5625