5625 matches found
JVN#14243645 Adobe JRun cross-site scripting vulnerability
Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from a cookie is leaked, an remote attacker could possibly conduct session hijacking. Solution Products Affected Adobe JRun 4.0 ColdFusion MX 6.1 Enterprise...
JVN#48566866 ColdFusion error page cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected ColdFusion MX 6.X ColdFusion MX 7.X For more information, refer to the vendor's website...
JVN#28356427 ColdFusion cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...
JVN#77366274 CCC Cleaner buffer overflow vulnerability
Impact Arbitrary code could be executed when CCC Cleaner scans UPX-packed files. Solution Products Affected CCC Cleaner CCC pattern Ver:185 CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder. Filenames: lpt$vpn.185 As of February 13...
JVN#84430861 Sage vulnerable to arbitrary script execution
Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...
JVN#80271113 MODx cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...
JVN#64354801 b2evolution cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...
JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...
JVN#82258242 Shopping Basket Professional vulnerable to OS command injection
Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket Professional v7 is installed. Solution Products Affected Shopping Basket Professional v7.50 and earlier For more information, refer to the vendor's website...
JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection
Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...
JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting
Impact An abitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...
JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability
Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...
JVN#32985115 Movable Type cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker may be able to access a user's cookie allowing them to view sensitive information or hijack an authenticated user's session. Solution Products Affected...
JVN#07274813 phpAdsNew cross-site scripting vulnerability
The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. All users of these products are encouraged to update to the latest versions provided by the developer. phpPgAds 2.0.9-pr1 and earlier Max Media Manager v0.1.29-rc and earlier Max Media...
JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability
Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...
JVN#13939411 Drupal cross-site scripting vulnerability
Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Drupal 4.6.10 and earlier Drupal 4.7.4 and earlier...
JVN#65500885 Serene Bach cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution Products Affected Serene Bach ver 2.05R and earlier Serene Bach ver 2.08D and earlier sb 1.13D and earlier sb 1.18R and earlier...
JVN#45006961 Joomla! cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information in a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.11 and earlier...
JVN#31185550 tDiary arbitrary Ruby script execution vulnerability
Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...
JVN#02729869 pnamazu cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...
JVN#78520316 a-blog cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected a-blog 1.51 and earlier...
JVN#74079537 SugarCRM cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker obtains session information from a cookie, an attacker could possibly conduct session hijacking. Solution Products Affected SugarCRM 4.5.0f and earlier...
JVN#34830904 Shobo Shobo Nikki System (sns) cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution Products Affected sns 3.11 and earlier...
JVN#47272891 Hanako buffer overflow vulnerability
Impact An arbitrary code could be executed on the PCs of Hanako user, if the user opens a specially crafted Hanako file sent by a remote attacker. Solution Products Affected Hanako 2004 Hanako 2005 Hanako 2006 Hanako Viewer 1.0 For more information, refer to the vendor's website...
JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)
Impact A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. Solution Products Affected 1.8 series 1.8.5 and all previous versions Developer version 1.9 series 2006-12-04 and all previous versions For more information, refer to the...
JVN#38746816 TikiWiki cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected TikiWiki version 1.9.5 and earlier...
JVN#08494205 Chama Cargo cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Chama Cargo v4.36 and earlier For more information, refer to the vendor's website...
JVN#21125043 Blogn cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Blogn v1.9.3 and earlier...
JVN#47223461 tDiary cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected 2.0.2 stable and earlier 2.1.4.20061115 developer version and earlier...
JVN#57280612 phpComasy cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected phpComasy 0.7.9-pre and earlier...
JVN#46244305 eyeOS cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result. Solution Products Affected eyeOS version 0.8.10 - 0.8.15...
JVN#61543834 EC-CUBE cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected EC-CUBE v1.0.0 and earlier For more information, refer to the vendor's website...
JVN#84656399 Nucleus cross-site scripting vulnerability
Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Nucleus v3.23 and earlier...
JVN#34522909 Kahua vulnerable in allowing to share login sessions
Impact A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use. If a multiple applications of Kahua refer to different user database, a user could log into multiple applications which results in a login session to be shared...
JVN#88325166 Hyper NIKKI System cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected hns-2.190.8 hns-lite-2.190.8 and earlier...
JVN#30994815 MyODBC Japanese Conversion Edition denial of service vulnerability
Impact A remote attacker could cause a denial of service condition by sending a certain string in a response to a MySQL database. Solution Products Affected MyODBC Japanese Conversion Edition version 3.51.06, 2.50.29, 2.50.25 Development and maintenance of MyODBC Japanese Conversion Edition has...
JVN#07235355 desknet's buffer overflow vulnerability
Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution Products Affected version V4.5J R2.4 and earlier For more information, refer to the vendor's websites...
JVN#85996645 NEC MultiWriter 1700C/7500C FTP server vulnerability
Impact A remote attacker could possibly conduct a FTP bounce attack via the printer's FTP server against another host. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC NEC ColorMultiWriter 7500C model number: PR-L7500C For more...
JVN#63999575 NEC MultiWriter 1700C web server authentication bypass vulnerability
Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC For more information, refer to the vendor's website...
JVN#90815371 Ichitaro buffer overflow vulnerability
Impact Arbitrary code could be executed on the Ichitaro user's PC, if the user opens a specially crafted Ichitaro file sent by a remote attacker. Solution Products Affected Ichitaro 2006 Ichitaro 2006 demo version Ichitaro Government 2006 For more information, refer to the vendor's web site...
JVN#41241092 Kmail CGI authentication bypass vulnerability
Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution Products Affected Version 1.0.3 and earlier...
JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability
Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...
JVN#82240092 Drupal cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking. Solution Products Affected Drupal 4.7.2 and earlier Drupal 4.6.8 and earlier...
JVN#79484135 Joomla! cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.8 and earlier...
JVN#30144870 SugarCRM cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected SugarCRM 4.2.1b and earlier SugarCRM 4.0.1g and earlier SugarCRM 3.5.1h and earlier...
JVN#68295640 Movable Type vulnerabile to cross-site scripting
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Movable Type 3.3, 3.31, 3.32 Movable Type Enterprise 1.01, 1.02 For more information, refer to the...
JVN#46630603 MDPro cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MDPro version 1.0.76 and earlier...
JVN#52201480 Microsoft Windows Indexing Service cross-site scripting vulnerability
Impact If the Indexing Service in Internet Information Services IIS provides search capabilities, an arbitrary script could be executed on the user's web browser. Solution Products Affected Windows 2000 Windows XP Windows 2000 Server Windows Server 2003...
JVN#99776858 Multiple vulnerabilities in Webmin and Usermin
Impact A remote attacker could conduct the followings: Steal Webmin and Usermin's configuration information Execute an arbitrary script on the user's web browser Possibly conduct a session hijack attack if session information from a cookie is leaked Solution Products Affected Webmin 1.290 and...
JVN#31125599 Cybozu Office 6 information disclosure vulnerability
Impact A remote attacker could obtain information on registered users and groups. Solution Products Affected Cybozu Office 6 6.51.2 and earlier...