Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/14 12:0 a.m.•39 views

JVN#14243645 Adobe JRun cross-site scripting vulnerability

Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from a cookie is leaked, an remote attacker could possibly conduct session hijacking. Solution Products Affected Adobe JRun 4.0 ColdFusion MX 6.1 Enterprise...

4.3CVSS6.4AI score0.0319EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/14 12:0 a.m.•48 views

JVN#48566866 ColdFusion error page cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected ColdFusion MX 6.X ColdFusion MX 7.X For more information, refer to the vendor's website...

4.3CVSS6.2AI score0.08336EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/14 12:0 a.m.•36 views

JVN#28356427 ColdFusion cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...

4.3CVSS6.3AI score0.03019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/10 12:0 a.m.•28 views

JVN#77366274 CCC Cleaner buffer overflow vulnerability

Impact Arbitrary code could be executed when CCC Cleaner scans UPX-packed files. Solution Products Affected CCC Cleaner CCC pattern Ver:185 CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder. Filenames: lpt$vpn.185 As of February 13...

9.3CVSS6.4AI score0.083EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/09 12:0 a.m.•15 views

JVN#84430861 Sage vulnerable to arbitrary script execution

Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/29 12:0 a.m.•14 views

JVN#80271113 MODx cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/26 12:0 a.m.•15 views

JVN#64354801 b2evolution cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/26 12:0 a.m.•18 views

JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•13 views

JVN#82258242 Shopping Basket Professional vulnerable to OS command injection

Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket Professional v7 is installed. Solution Products Affected Shopping Basket Professional v7.50 and earlier For more information, refer to the vendor's website...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•22 views

JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection

Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•14 views

JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting

Impact An abitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•14 views

JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability

Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/23 12:0 a.m.•21 views

JVN#32985115 Movable Type cross-site scripting vulnerability

Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker may be able to access a user's cookie allowing them to view sensitive information or hijack an authenticated user's session. Solution Products Affected...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/22 12:0 a.m.•30 views

JVN#07274813 phpAdsNew cross-site scripting vulnerability

The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. All users of these products are encouraged to update to the latest versions provided by the developer. phpPgAds 2.0.9-pr1 and earlier Max Media Manager v0.1.29-rc and earlier Max Media...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/18 12:0 a.m.•17 views

JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/17 12:0 a.m.•11 views

JVN#13939411 Drupal cross-site scripting vulnerability

Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Drupal 4.6.10 and earlier Drupal 4.7.4 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/05 12:0 a.m.•40 views

JVN#65500885 Serene Bach cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution Products Affected Serene Bach ver 2.05R and earlier Serene Bach ver 2.08D and earlier sb 1.13D and earlier sb 1.18R and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/28 12:0 a.m.•10 views

JVN#45006961 Joomla! cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information in a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.11 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/28 12:0 a.m.•15 views

JVN#31185550 tDiary arbitrary Ruby script execution vulnerability

Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/25 12:0 a.m.•13 views

JVN#02729869 pnamazu cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/22 12:0 a.m.•27 views

JVN#78520316 a-blog cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected a-blog 1.51 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/21 12:0 a.m.•25 views

JVN#74079537 SugarCRM cross-site scripting vulnerability

Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker obtains session information from a cookie, an attacker could possibly conduct session hijacking. Solution Products Affected SugarCRM 4.5.0f and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/08 12:0 a.m.•11 views

JVN#34830904 Shobo Shobo Nikki System (sns) cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution Products Affected sns 3.11 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/05 12:0 a.m.•20 views

JVN#47272891 Hanako buffer overflow vulnerability

Impact An arbitrary code could be executed on the PCs of Hanako user, if the user opens a specially crafted Hanako file sent by a remote attacker. Solution Products Affected Hanako 2004 Hanako 2005 Hanako 2006 Hanako Viewer 1.0 For more information, refer to the vendor's website...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/04 12:0 a.m.•33 views

JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)

Impact A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. Solution Products Affected 1.8 series 1.8.5 and all previous versions Developer version 1.9 series 2006-12-04 and all previous versions For more information, refer to the...

5CVSS7.3AI score0.04071EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/04 12:0 a.m.•14 views

JVN#38746816 TikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected TikiWiki version 1.9.5 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/30 12:0 a.m.•13 views

JVN#08494205 Chama Cargo cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Chama Cargo v4.36 and earlier For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/29 12:0 a.m.•19 views

JVN#21125043 Blogn cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Blogn v1.9.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/27 12:0 a.m.•11 views

JVN#47223461 tDiary cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected 2.0.2 stable and earlier 2.1.4.20061115 developer version and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/24 12:0 a.m.•15 views

JVN#57280612 phpComasy cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected phpComasy 0.7.9-pre and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/20 12:0 a.m.•11 views

JVN#46244305 eyeOS cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result. Solution Products Affected eyeOS version 0.8.10 - 0.8.15...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/17 12:0 a.m.•25 views

JVN#61543834 EC-CUBE cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected EC-CUBE v1.0.0 and earlier For more information, refer to the vendor's website...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/14 12:0 a.m.•15 views

JVN#84656399 Nucleus cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Nucleus v3.23 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/10 12:0 a.m.•13 views

JVN#34522909 Kahua vulnerable in allowing to share login sessions

Impact A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use. If a multiple applications of Kahua refer to different user database, a user could log into multiple applications which results in a login session to be shared...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/06 12:0 a.m.•13 views

JVN#88325166 Hyper NIKKI System cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected hns-2.190.8 hns-lite-2.190.8 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/06 12:0 a.m.•15 views

JVN#30994815 MyODBC Japanese Conversion Edition denial of service vulnerability

Impact A remote attacker could cause a denial of service condition by sending a certain string in a response to a MySQL database. Solution Products Affected MyODBC Japanese Conversion Edition version 3.51.06, 2.50.29, 2.50.25 Development and maintenance of MyODBC Japanese Conversion Edition has...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/24 12:0 a.m.•15 views

JVN#07235355 desknet's buffer overflow vulnerability

Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution Products Affected version V4.5J R2.4 and earlier For more information, refer to the vendor's websites...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/20 12:0 a.m.•15 views

JVN#85996645 NEC MultiWriter 1700C/7500C FTP server vulnerability

Impact A remote attacker could possibly conduct a FTP bounce attack via the printer's FTP server against another host. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC NEC ColorMultiWriter 7500C model number: PR-L7500C For more...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/20 12:0 a.m.•20 views

JVN#63999575 NEC MultiWriter 1700C web server authentication bypass vulnerability

Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/18 12:0 a.m.•10 views

JVN#90815371 Ichitaro buffer overflow vulnerability

Impact Arbitrary code could be executed on the Ichitaro user's PC, if the user opens a specially crafted Ichitaro file sent by a remote attacker. Solution Products Affected Ichitaro 2006 Ichitaro 2006 demo version Ichitaro Government 2006 For more information, refer to the vendor's web site...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/12 12:0 a.m.•12 views

JVN#41241092 Kmail CGI authentication bypass vulnerability

Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution Products Affected Version 1.0.3 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/02 12:0 a.m.•15 views

JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability

Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/28 12:0 a.m.•16 views

JVN#82240092 Drupal cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking. Solution Products Affected Drupal 4.7.2 and earlier Drupal 4.6.8 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/28 12:0 a.m.•19 views

JVN#79484135 Joomla! cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.8 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/26 12:0 a.m.•13 views

JVN#30144870 SugarCRM cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected SugarCRM 4.2.1b and earlier SugarCRM 4.0.1g and earlier SugarCRM 3.5.1h and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/26 12:0 a.m.•13 views

JVN#68295640 Movable Type vulnerabile to cross-site scripting

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Movable Type 3.3, 3.31, 3.32 Movable Type Enterprise 1.01, 1.02 For more information, refer to the...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/22 12:0 a.m.•19 views

JVN#46630603 MDPro cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MDPro version 1.0.76 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/13 12:0 a.m.•30 views

JVN#52201480 Microsoft Windows Indexing Service cross-site scripting vulnerability

Impact If the Indexing Service in Internet Information Services IIS provides search capabilities, an arbitrary script could be executed on the user's web browser. Solution Products Affected Windows 2000 Windows XP Windows 2000 Server Windows Server 2003...

4.3CVSS6.2AI score0.33221EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/31 12:0 a.m.•12 views

JVN#99776858 Multiple vulnerabilities in Webmin and Usermin

Impact A remote attacker could conduct the followings: Steal Webmin and Usermin's configuration information Execute an arbitrary script on the user's web browser Possibly conduct a session hijack attack if session information from a cookie is leaked Solution Products Affected Webmin 1.290 and...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/28 12:0 a.m.•16 views

JVN#31125599 Cybozu Office 6 information disclosure vulnerability

Impact A remote attacker could obtain information on registered users and groups. Solution Products Affected Cybozu Office 6 6.51.2 and earlier...

7AI score
Exploits0
Total number of security vulnerabilities5625