JVN#16558862 RWiki cross-site scripting vulnerability
Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitrary script could then be executed on the user's web browser. Solution Products Affected RWiki/2.1.0pre1 - RWiki/2.1.0...
JVN#55425662: MyWeb SQL injection vulnerability
Impact A remote attacker could view or modify the database contents. Solution Products Affected MyWeb Portal Office cellular phone functionality MyWeb Standard Edition MyWeb Public Edition MyWeb Medical Edition MyWeb Citizen Edition MyWeb School Edition MyWeb Light Edition...
JVN#84775942 Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Impact Although the actual impact could differ depending on the email client, an attacker could possibly forge a file name, or an email client could handle a file inappropriately, which may result in a file being overwritten or an arbitrary file being created and saved in an arbitrary directory. Solution...
JVN#72225922 Apache Struts Validator allows to bypass input data validation
Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...
JVN#74294680 Winny buffer overflow vulnerability
Impact If a remote attacker sends a malicious packet, Winny will crash. It is publicly reported that arbitrary code may be executed with the privilege running Winny. Solution Products Affected Winny 2.0 b7.1 and earlier As of May 25, 2006, exploit information is publicly available. Currently we a...
JVN#83263796 SquirrelMail cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Solution Products Affected SquirrelMail 1.4.0 - 1.4.6 Release Candidate...
JVN#84091359 Trac cross-site scripting vulnerability
Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution Products Affected Trac 0.94 and earlier versions of 0.9 series Trac-ja 0.94 and earlier versions of 0.9 series...
JVN#35274905 FreeStyleWiki cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected FreeStyleWiki 3.5.10 and earlier...
JVN#10222000 QUICK CART OS command injection vulnerability
Impact A remote attacker could execute arbitrary operating system commands on a server running QUICK CART. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...
JVN#68630618 QUICK CART cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...
JVN#78363061 CAFEMILK Shopping Cart CGI cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked. Solution Products Affected CAFEMILK SHOPPING CART version 3.80 and earlier...
JVN#27365476 Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Impact An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system. Solution Products Affected...
JVN#65542239 Hyper NIKKI System allows unauthorized email submission
Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails. Solution Products Affected hns-2.19.6 hns-lite-2.19.6 and earlier On March 8 2006, the vend...
JVN#41550845 Nagasaki Electronic Prefectural Office System SQL injection vulnerability
Impact A remote attacker may view or modify the database contents. Solution Products Affected Nagasaki Electronic Prefectural Office System's annual leave management system Nagasaki Electronic Prefectural Office System's staff directory system Nagasaki Electronic Prefectural Office System's docume...
JVN#77886599 Hatena Toolbar sends URL information unencrypted
Impact When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID which needs to be protected. As a result, an attacker could possibly conduct session hijacking. Solution Products Affected Hatena Toolbar v1.5.4 an...
JVN#89344424 Multiple email clients vulnerable in handling an attachment inappropriately
Impact Although the actual impact could differ depending on the email client, email clients may crash when handling an attached file with a particular file name. Other possible impacts could be an attached file not being saved or hanging during the saving process, or an error message being displaye...
JVN#73133641 Eudora Japanese version stops working after the application crashes
Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing a crafted image file. Solution Products Affected Eudora for Windows, earlier than version 6.2J rev 4.2...
JVN#93004125 BBSNote cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Solution Products Affected BBSNote V8.00b15 to V8.00b18...
JVN#87830692 WebNote Clip vulnerable to OS command injection
Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed. Solution Products Affected WebNote Clip 4.1.7 and earlier...
JVN#06045169 mod_imap cross-site scripting vulnerability
Impact A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where mod_imap or mod_imagemap is used. Solution Products Affected For more information, refer to the vendor's website...
JVN#28011334 Opera bookmark function vulnerability
Impact A user cannot start Opera Web Browser because it crashes during startup. Solution Products Affected Opera for Windows, earlier than version 8.51 Opera for MacOS, earlier than version 8.51...
JVN#15972537 Fujitsu Java Runtime Environment reflection API vulnerability
Impact If a user downloads and executes a specially crafted applet, a remote attacker could access local files with the elevated privileges or execute arbitrary code with the privilege of the user running the applet. Solution Products Affected For more information, refer to the vendor's website...
JVN#15243167 Problem with referer header handling on mobile phone web browsers
Impact Referer information may be unintentionally sent to a server under certain operating conditions. Solution Products Affected For more information, refer to the vendors' websites...
JVN#76357668 MitakeSearch cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Solution Products Affected MitakeSearch V4.2...
JVN#67001206 Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
Impact A malicious script may be executed on the user's web browser. Furthermore, a combination of the vulnerabilities can be exploited to create a new user with administrative privileges when a FreeStyleWiki administrator logs into it with administrative privileges and views a Wiki page which is...
JVN#30451602 HTTPD-User-Manage cross-site scripting vulnerability
Impact A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage. Solution Products Affected HTTPD-User-Manage 1.62 and earlier...
JVN#25106961 Kent Web PostMail vulnerable to third party mail relay
Impact An attacker could possibly compromise the mail server to send an unsolicited email. Solution Products Affected Kent Web PostMail 3.2 and earlier...
JVN#18282718 Hyper Estraier directory traversal/denial of service vulnerability
Impact If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when the user creates an index, or cause a denial of service. Solution Products Affected Versions earlier than Hyper Estrai...
JVN#77105349 XOOPS cross-site scripting vulnerability
Impact A remote attacker may upload a script to be executed by a user reading a private message or a forum article. This may allow a remote attacker to perform a session-hijacking and manipulate the screens after the user logs in. Solution Products Affected XOOPS 2.0.12 JP and earlier XOOPS...
JVN#59130192 eBASEweb SQL injection vulnerability
Impact A remote attacker could alter database content or steal data. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected eBASEweb version 3.0...
JVN#23632449: OpenSSL version rollback vulnerability
Impact When performing communication through a path controlled by an attacker using OpenSSL, the attacker conducting a man-in-the-middle (MITM) attack can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0 to intercept or alter data...
JVN#79314822: Tomcat vulnerable in request processing
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. The Apache Software Foundation currently does not support AJP 1.3 Connector, and recommends the use of Coyote JK Connector instead. It also recommends...
JVN#76659792 WirelessIP5000 has multiple vulnerabilities
Impact These vulnerabilities may allow an attacker to conduct the following attacks: Illegal information collection Change of the configuration using SNMP protocol, web browsers, etc. Denial of service DoS attacks using information which the HTTP server provides Impersonation and information...
JVN#31226748 Vulnerability in multiple web browsers allowing request spoofing attacks
Impact Authentication information or cookie information could be leaked. Solution Products Affected For more information, refer to the vendors' websites...
JVN#62914675 Ruby vulnerability allowing to bypass safe level 4 as a sandbox
Impact An attacker could possibly execute an arbitrary script. Solution Products Affected Ruby 1.8.2 and earlier...
JVN#40940493 Webmin and Usermin authentication bypass vulnerability
Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command with root privileges. Solution Products Affected Webmin Version 1.200 - 1.220 Usermin Version 1.130 - 1.160...
JVN#97422426 Hyper NIKKI System cross-site request forgery vulnerability
Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers including weblog administrato...
JVN#42435855 FreeStyleWiki command injection vulnerability
Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution Products Affected FreeStyleWiki 3.5.8 and earlier...
JVN#23727054 Pochy denial-of-service (DoS) vulnerability
Impact A remote attacker could exploit this vulnerability to cause a denial-of-service (DoS) attack by sending a specially crafted email to a Pochy user. Solution Products Affected Pochy 0.2.1a...
JVN#38138980 Hiki cross-site scripting vulnerability
Impact A remote attacker could create content containing attack code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into the system as the administrator, the remote attacker could manipulate configurations. Solution Products...
JVN#29273468 QRcode Perl CGI & PHP script vulnerable to denial of service attack
Impact A remote attacker may cause a denial of service (DoS) attack. Solution Products Affected QRcode Perl/CGI & PHP script ver. 0.50f and earlier including both Perl versions and PHP versions...
JVN#60776919 tDiary cross-site request forgery vulnerability
Impact If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execute an arbitrary script or command on the web server running tDiary with privileges of the tDiary user. Solution Products Affected...
JVN#93926203 Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Impact Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 JST on July 28, 2005. Java applications using JCE 1.2.1 may not start after 6:43 JST, +0900 on July 28, 2005. Solution Products Affected Java applications using Sun's JCE 1.2.1...
JVN#74012178 Movable Type session management vulnerability
Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution Products Affected Movable Type 3.151-ja and earlier...
JVN#97757029 w3ml cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information. Solution Products Affected w3ml-0.4-20020625 and earlier...
JVN#55023557 Buffalo router configuration management interface vulnerable to remote access and password leakage
Impact Configurations could be changed by the remote attacker. As the save configuration stores user's account and password information of ISPs in plain-text format, a remote attacker could steal such information and impersonate a user to gain illegal access. Solution Products Affected BUFFALO...