5596 matches found
JVN#19240523 HP System Management Homepage cross-site scripting vulnerability
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting...
JVN#92832583 Advance-Flow cross-site scripting vulnerability
Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms. Impact An arbitrary script may be execute...
JVN#81294906 Homepage Builder sample CGI programs vulnerable to OS command injection
Among sample CGI programs included in Homepage Builder, anketo.cgi, kansou.cgi, and order.cgi contain an OS command injection vulnerability as they do not properly validate input data. Impact An arbitrary command could be executed on the web server with the privilege of the web server process...
JVN#36628264 Lunascape RSS reader arbitrary script execution vulnerability
Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution Products Affected Lunascape 4.1.3 build 2 and earlier...
JVN#44724673 Java Web Start vulnerable to execution of unauthorized system classes
Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow a Java Web Start application including a malformed JAR file to execute an...
JVN#06735665 Canon Network Camera Server VB100 Series vulnerable to cross-site scripting
Impact An arbitrary script may be executed in the camera server management screen. Solution Products Affected VB100 and VB101 firmware Ver. 3.0 Rev.69 and earlier VB150 firmware Ver. 1.1 Rev.39 and earlier...
JVN#19445002 APOP password recovery vulnerability
Impact APOP passwords may be compromised. When the same password is used for other systems, those systems could be compromised as well. Solution Products Affected Mail clients with an APOP implementation As this is a protocol issue, software fixes cannot solve the issue essentially. Encrypted...
JVN#91305178 InfoBarrier4 self-decrypted file vulnerability
Impact A third party could view the contents of self-decrypted files or obtain the passwords used for self-decryption. Solution Products Affected InfoBarrier4 Standard Plus: V4.0L10, V4.0L20...
JVN#62334841 Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability
Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOUT is installed without authentication. This could lead to unintentional disclosure of file contents. Solution Products Affected Shihonkanri Plus Ver2 GOOUT Ver2.1.7 and earlier...
JVN#84646028 open-gorotto cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected open-gorotto 2.0a 04/07/2006 and earlier...
JVN#62399483 Overlay Weaver cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Overlay Weaver 0.5.9 - 0.5.11 For more information, refer to the vendor's website...
JVN#08951968 MailDwarf vulnerability allows unauthorized sending of emails
Impact A remote attacker may be able to send unsolicited mails to arbitrary email addresses. Solution Products Affected MailDwarf ver3.01 or earlier...
JVN#40511721 MailDwarf cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected MailDwarf ver3.01 or earlier...
JVN#73258608 CruiseWorks and Minna De Office vulnerable in access restrictions
Impact A user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information registered. Solution Products Affected CruiseWorks 1.09e and earlier Minna De Office version 1.xx and 2.xx For more information, refer to the vendor...
JVN#86092776 BASP21 vulnerable in handling CRLF sequences
Impact An unauthenticated remote attacker may send an unintended email from a web application whose email function is implemented using BASP21. Solution Products Affected bsmtp.dll included in BASP21 2003.0211 Versions of BASP21 Pro earlier than 1,0,702,27...
JVN#64227086 NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability
Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu. Arbitrary files on client PCs could be accessed by an attacker. Solution Products Affected NewsGlue 1.3.3 and earlier Ikinari Jijyoutsuu version 1.0.0 and 1.0.1...
JVN#83832818 Interstage Application Server cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected A wide range of products is affected. For more information, refer to the vendor's website...
JVN#19795972 FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability
Impact A third party could view the contents of self-decoding files and obtain the passwords used for the encryption of the files. Solution Products Affected All version levels of FENCE-Pro excluding V5 V5L01 Systemwalker Desktop Encryption: V12.0L10, V12.0L10A, V12.0L10B, V12.0L20, V13.0.0 For...
JVN#91706484 Trac cross-site scripting vulnerability
Impact A remote attacker could possibly execute an arbitrary script on the user's IE when the user views Trac wiki content. Solution Products Affected trac 0.10.3 and earlier versions trac-0.10.3-ja-1 and earlier versions...
JVN#80126589 CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables
Impact When CCC cleaner scans a malicious UPX-packed executable file, CCC cleaner or the system itself may crash. Solution Products Affected CCC Cleaner CCC pattern Ver:321 and earlier For more information, refer to the vendor's website...
JVN#84746611 Ariel AirOne series cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Ariel AirOne ProjectA v4.6.1 Ariel MultiScheduler v4.6.3 For more information, refer to the vendor's website...
JVN#48566866 ColdFusion error page cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected ColdFusion MX 6.X ColdFusion MX 7.X For more information, refer to the vendor's website...
JVN#14243645 Adobe JRun cross-site scripting vulnerability
Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Adobe JRun 4.0 ColdFusion MX 6.1 Enterprise...
JVN#28356427 ColdFusion cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...
JVN#77366274 CCC Cleaner buffer overflow vulnerability
Impact Arbitrary code could be executed when CCC Cleaner scans UPX-packed files. Solution Products Affected CCC Cleaner CCC pattern Ver:185 CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder. Filenames: lpt$vpn.185 As of February 13...
JVN#84430861 Sage vulnerable to arbitrary script execution
Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...
JVN#80271113 MODx cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...
JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...
JVN#64354801 b2evolution cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...
JVN#82258242 Shopping Basket Professional vulnerable to OS command injection
Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket Professional v7 is installed. Solution Products Affected Shopping Basket Professional v7.50 and earlier For more information, refer to the vendor's website...
JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection
Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...
JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability
Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...
JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...
JVN#32985115 Movable Type cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker may be able to access a user's cookie allowing them to view sensitive information or hijack an authenticated user's session. Solution Products Affected...
JVN#07274813 phpAdsNew cross-site scripting vulnerability
The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. All users of these products are encouraged to update to the latest versions provided by the developer. phpPgAds 2.0.9-pr1 and earlier Max Media Manager v0.1.29-rc and earlier Max Media...
JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability
Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...
JVN#13939411 Drupal cross-site scripting vulnerability
Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Drupal 4.6.10 and earlier Drupal 4.7.4 and earlier...
JVN#65500885 Serene Bach cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution Products Affected Serene Bach ver 2.05R and earlier Serene Bach ver 2.08D and earlier sb 1.13D and earlier sb 1.18R and earlier...
JVN#45006961 Joomla! cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information in a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.11 and earlier...
JVN#31185550 tDiary arbitrary Ruby script execution vulnerability
Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...
JVN#02729869 pnamazu cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...
JVN#78520316 a-blog cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected a-blog 1.51 and earlier...
JVN#74079537 SugarCRM cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker obtains session information from a cookie, an attacker could possibly conduct session hijacking. Solution Products Affected SugarCRM 4.5.0f and earlier...
JVN#34830904 Shobo Shobo Nikki System (sns) cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution Products Affected sns 3.11 and earlier...
JVN#47272891 Hanako buffer overflow vulnerability
Impact Arbitrary code could be executed on the PC of a Hanako user if the user opens a specially crafted Hanako file sent by a remote attacker. Solution Products Affected Hanako 2004 Hanako 2005 Hanako 2006 Hanako Viewer 1.0 For more information, refer to the vendor's website...
JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)
Impact A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. Solution Products Affected 1.8 series 1.8.5 and all previous versions Developer version 1.9 series 2006-12-04 and all previous versions For more information, refer to the...
JVN#38746816 TikiWiki cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected TikiWiki version 1.9.5 and earlier...
JVN#08494205 Chama Cargo cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Chama Cargo v4.36 and earlier For more information, refer to the vendor's website...
JVN#21125043 Blogn cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Blogn v1.9.3 and earlier...
JVN#47223461 tDiary cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected 2.0.2 stable and earlier 2.1.4.20061115 developer version and earlier...