Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/28 12:0 a.m.•31 views

JVN#90420168: Cybozu products vulnerable to directory traversal

Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution Products Affected Cybozu Office 6 5 1.2 and earlier Cybozu Garoon 1.5 4.0 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/23 12:0 a.m.•14 views

JVN#11048526 mail f/w system vulnerable to allow unauthorized email transmissionk

Impact A remote attacker may exploit this vulnerability to send unsolicited mails to arbitrary email addresses. Solution Products Affected mail f/w system 8.2 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/16 12:0 a.m.•31 views

JVN#39103264 Owl SQL injection vulnerability

Impact A remote attacker may modify or steal the database contents. Solution Products Affected Owl version 0.90 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/16 12:0 a.m.•19 views

JVN#01137722 Owl cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution Products Affected Owl version 0.90 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/14 12:0 a.m.•19 views

JVN#02091617 04WebServer cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected v1.83 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/14 12:0 a.m.•12 views

JVN#51301450 NetCommons cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. As a result, a remote attacker could forge the web page contents. Solution Products Affected NetCommons 1.0.8 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/14 12:0 a.m.•17 views

JVN#27428836 04WebServer directory traversal vulnerability

Impact A remote attacker could bypass a user authentication and view server files. Solution Products Affected v1.83 and earlier...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/10 12:0 a.m.•13 views

JVN#62171179 Kiri directory traversal vulnerability

Impact If the email analysis command processes an email with an attachment with a particular file name, the attachment may be written to an unintended location. Solution Products Affected Kiri ver9-2006 Kiri ver9-2005 Kiri ver9-2004...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/31 12:0 a.m.•13 views

JVN#65677118 Pixelpost cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Pixelpost 1.5 RC1-2 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/28 12:0 a.m.•13 views

JVN#27794427 Dokeos cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Dokeos version 1.6.4 Patch 1 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/18 12:0 a.m.•11 views

JVN#62307185 QwikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution Products Affected QwikiWiki version 1.5.5 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/18 12:0 a.m.•12 views

JVN#81108784 Geeklog cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Geeklog 1.4.0sr4 and earlier Geeklog 1.3.11sr6 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/18 12:0 a.m.•18 views

JVN#92975133 Loudblog cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly condust session hijacking. Solution Products Affected Loudblog 0.44 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/12 12:0 a.m.•13 views

JVN#73368472: ServerView directory traversal vulnerability

Impact A remote attacker could view particular files on the server. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/12 12:0 a.m.•14 views

JVN#76686161: ServerView cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/11 12:0 a.m.•11 views

JVN#13947696 Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.

Impact An attacker may be able to bypass the security model of a server application and change the status of a untained object. Solution Products Affected Ruby 1.8.4-20060516 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/11 12:0 a.m.•14 views

JVN#83768862 Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox

Impact An attacker could force programs to crash. Solution Products Affected Ruby 1.8.4-20060328 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/06 12:0 a.m.•11 views

JVN#73705637 ACollab SQL injection vulnerability

Impact A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user. Solution Products Affected ACollab 1.2 and earlier Development and maintenance of ACollab finished with version 1.2 as of July 6, 2006. However ATutor...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/06 12:0 a.m.•17 views

JVN#44846612 ATutor cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution Products Affected ATutor 1.5.3 RC2 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/03 12:0 a.m.•19 views

JVN#98836916 Wiki clone products vulnerable to denial of service attacks

Impact A remote attacker could execute a DoS denial of service attack. Solution Products Affected For more information, refer to the vendors' websites...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/26 12:0 a.m.•16 views

JVN#76207423 Phorum cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Phorum 5.1.13 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/26 12:0 a.m.•19 views

JVN#39188922 dotProject cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/23 12:0 a.m.•38 views

JVN#67974490 Webmin directory traversal vulnerability

Impact A remote attacker could view files on the computer without authentication. Private information could be leaked as a result. Solution Products Affected Webmin 1.280 and earlier Usermin 1.210 and earlier As of June 30, 2006, patched versions of the module addressing this vulnerability for al...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/14 12:0 a.m.•40 views

JVN#74969119 Microsoft Internet Explorer address bar spoofing vulnerability

Impact An user could be navigated to visit an untrusted malicous website even though the user intends to visit a trusted website. Therefore an attacker could possibly conduct a physing attack. Solution Products Affected Microsoft Internet Explorer For more information, refer to the vendor's websi...

4.3CVSS6.2AI score0.19154EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/09 12:0 a.m.•16 views

JVN#39570254 CGI RESCUE WebFORM allows unauthorized email transmission

Impact A remote attacker may send emails to arbitrary addresses. Solution Products Affected WebFORM 4.1 and earlier According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/05 12:0 a.m.•14 views

JVN#97636431 dotProject cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.2 and earlier As of June 5, 2006, it is confirmed that Internet Explorer is affecte...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/02 12:0 a.m.•13 views

JVN#28513736 Mozilla Firefox HTTP 1.0 response smuggling vulnerability

Impact If a user views malicious web pages, an attacker could inject a script into the responses from a server in other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/02 12:0 a.m.•16 views

JVN#62734622 Mozilla Firefox vulnerable to HTTP response splitting

Impact If an user accesses a malicious web page, an attacker could inject scripts into HTTP responses from the other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/05/24 12:0 a.m.•18 views

JVN#46691257 RWiki arbitrary Ruby script execution vulnerability

Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution Products Affected RWiki/2.1.0pre2 and all earlier versions...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/05/24 12:0 a.m.•16 views

JVN#16558862 RWiki cross-site scripting vulnerability

Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitrary script could then be executed on the user's web browser. Solution Products Affected RWiki/2.1.0pre1 - RWiki/2.1.0...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/05/22 12:0 a.m.•26 views

JVN#55425662: MyWeb SQL injection vulnerability

Impact A remote attacker could view or modify the database contents. Solution Products Affected MyWeb Portal Office cellular phone functionality MyWeb Standard Edition MyWeb Public Edition MyWeb Medical Edition MyWeb Citizen Edition MyWeb School Edition MyWeb Light Edition...

7.5CVSS6.6AI score0.01214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/05/09 12:0 a.m.•19 views

JVN#84775942 Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling

Impact Actual impact could differ depending on the email clients though, an attacker coulld possibly forge a file name or a email client could handle a file inappropriately which may result in a file being overwritten or an arbitray file being created and saved in an arbitrary directory. Solution...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/26 12:0 a.m.•39 views

JVN#72225922 Apache Struts Validator allows to bypass input data validation

Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...

7.5CVSS7.4AI score0.06142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/21 12:0 a.m.•25 views

JVN#74294680 Winny buffer overflow vulnerability

Impact If a remote attacker sends a malicious packet, Winny will crash. It is publicly reported that arbitrary code may be executed with the privilege running Winny. Solution Products Affected Winny 2.0 b7.1 and earlier As of May 25, 2006, exploit information is publicly available. Currently we a...

7.5CVSS6.7AI score0.0469EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/21 12:0 a.m.•38 views

JVN#83263796 SquirrelMail cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Solution Products Affected SquirrelMail 1.4.0 - 1.4.6 Release Candidate...

4.3CVSS6AI score0.02034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/19 12:0 a.m.•15 views

JVN#84091359 Trac cross-site scripting vulnerability

Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution Products Affected Trac 0.94 and earlier versions of 0.9 series Trac-ja 0.94 and earlier versions of 0.9 series...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/17 12:0 a.m.•20 views

JVN#35274905 FreeStyleWiki cross-site scripting vulnerability

Impact An rbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected FreeStyleWiki 3.5.10 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/13 12:0 a.m.•49 views

JVN#68630618 QUICK CART cross-site scripting vulnerability

Impact An arbitrary script could be executed on the user's web browser. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/13 12:0 a.m.•17 views

JVN#10222000 QUICK CART OS command injection vulnerability

Impact A remote attacker could execute arbitrary operating system commands on a server running QUICK CART. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...

8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/10 12:0 a.m.•14 views

JVN#78363061 CAFEMILK Shopping Cart CGI cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked. Solution Products Affected CAFEMILK SHOPPING CART version 3.80 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/03/01 12:0 a.m.•13 views

JVN#27365476 Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Impact An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system. Solution Products Affected...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/02/28 12:0 a.m.•17 views

JVN#65542239 Hyper NIKKI System allows unauthorized email submission

Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails. Solution Products Affected hns-2.19.6 hns-lite-2.19.6 and earlier On March 8 2006, the vend...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/02/03 12:0 a.m.•18 views

JVN#41550845 Nagasaki Electronic Prefectural Office System SQL injection vulnerability

Impact A remote attacker may view or modify the database contents. Solution Products Affected Nagasaki Electronic Prefectural Office System's annual leave management system Nagasaki Electronic Prefectural Office System's staff directry system Nagasaki Electronic Prefectural Office System's docume...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/02/01 12:0 a.m.•29 views

JVN#77886599 Hatena Toolbar sends URL information unecnrypted

Impact When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID which needs to be protected. As a result, an attacker could possibly conduct session hijacking. Solution Products Affected Hatena Toolbar v1.5.4 an...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/01/31 12:0 a.m.•11 views

JVN#89344424 Multiple email clients vulnerable in handling an attachement inapropriately

Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a particular file name. Other possible impacts could be an attached file not being saved or hanged up while in the saving process, or an error message being displaye...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/01/17 12:0 a.m.•13 views

JVN#73133641 Eudora Japanese version stops working after the application crashes

Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing a crafted image file. Solution Products Affected Eudora for Windows, earlier than version 6.2J rev 4.2...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/27 12:0 a.m.•14 views

JVN#93004125 BBSNote cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Solution Products Affected BBSNote V8.00b15 to V8.00b18...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/20 12:0 a.m.•20 views

JVN#87830692 WebNote Clip vulnerable to OS command injection

Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed. Solution Products Affected WebNote Clip 4.1.7 and earlier...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/15 12:0 a.m.•40 views

JVN#06045169 mod_imap cross-site scripting vulnerability

Impact A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where modimap or modimagemap is used. Solution Products Affected For more information, refer to the vendor's website...

4.3CVSS9.4AI score0.73692EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/14 12:0 a.m.•13 views

JVN#28011334 Opera bookmark function vulnerability

Impact An user cannot start Opera Web Browser because it crashes during startup. Solution Products Affected Opera for Windows, earlier than version 8.51 Opera for MacOS, earlier than version 8.51...

7.2AI score
Exploits0
Total number of security vulnerabilities5625