5625 matches found
JVN#90420168: Cybozu products vulnerable to directory traversal
Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution Products Affected Cybozu Office 6 5 1.2 and earlier Cybozu Garoon 1.5 4.0 and earlier...
JVN#11048526 mail f/w system vulnerable to allow unauthorized email transmissionk
Impact A remote attacker may exploit this vulnerability to send unsolicited mails to arbitrary email addresses. Solution Products Affected mail f/w system 8.2 and earlier...
JVN#39103264 Owl SQL injection vulnerability
Impact A remote attacker may modify or steal the database contents. Solution Products Affected Owl version 0.90 and earlier...
JVN#01137722 Owl cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution Products Affected Owl version 0.90 and earlier...
JVN#02091617 04WebServer cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected v1.83 and earlier...
JVN#51301450 NetCommons cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. As a result, a remote attacker could forge the web page contents. Solution Products Affected NetCommons 1.0.8 and earlier...
JVN#27428836 04WebServer directory traversal vulnerability
Impact A remote attacker could bypass a user authentication and view server files. Solution Products Affected v1.83 and earlier...
JVN#62171179 Kiri directory traversal vulnerability
Impact If the email analysis command processes an email with an attachment with a particular file name, the attachment may be written to an unintended location. Solution Products Affected Kiri ver9-2006 Kiri ver9-2005 Kiri ver9-2004...
JVN#65677118 Pixelpost cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Pixelpost 1.5 RC1-2 and earlier...
JVN#27794427 Dokeos cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Dokeos version 1.6.4 Patch 1 and earlier...
JVN#92975133 Loudblog cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly condust session hijacking. Solution Products Affected Loudblog 0.44 and earlier...
JVN#62307185 QwikiWiki cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution Products Affected QwikiWiki version 1.5.5 and earlier...
JVN#81108784 Geeklog cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Geeklog 1.4.0sr4 and earlier Geeklog 1.3.11sr6 and earlier...
JVN#76686161: ServerView cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...
JVN#73368472: ServerView directory traversal vulnerability
Impact A remote attacker could view particular files on the server. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...
JVN#13947696 Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.
Impact An attacker may be able to bypass the security model of a server application and change the status of a untained object. Solution Products Affected Ruby 1.8.4-20060516 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...
JVN#83768862 Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox
Impact An attacker could force programs to crash. Solution Products Affected Ruby 1.8.4-20060328 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...
JVN#73705637 ACollab SQL injection vulnerability
Impact A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user. Solution Products Affected ACollab 1.2 and earlier Development and maintenance of ACollab finished with version 1.2 as of July 6, 2006. However ATutor...
JVN#44846612 ATutor cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution Products Affected ATutor 1.5.3 RC2 and earlier...
JVN#98836916 Wiki clone products vulnerable to denial of service attacks
Impact A remote attacker could execute a DoS denial of service attack. Solution Products Affected For more information, refer to the vendors' websites...
JVN#76207423 Phorum cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Phorum 5.1.13 and earlier...
JVN#39188922 dotProject cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.3 and earlier...
JVN#67974490 Webmin directory traversal vulnerability
Impact A remote attacker could view files on the computer without authentication. Private information could be leaked as a result. Solution Products Affected Webmin 1.280 and earlier Usermin 1.210 and earlier As of June 30, 2006, patched versions of the module addressing this vulnerability for al...
JVN#74969119 Microsoft Internet Explorer address bar spoofing vulnerability
Impact An user could be navigated to visit an untrusted malicous website even though the user intends to visit a trusted website. Therefore an attacker could possibly conduct a physing attack. Solution Products Affected Microsoft Internet Explorer For more information, refer to the vendor's websi...
JVN#39570254 CGI RESCUE WebFORM allows unauthorized email transmission
Impact A remote attacker may send emails to arbitrary addresses. Solution Products Affected WebFORM 4.1 and earlier According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available...
JVN#97636431 dotProject cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.2 and earlier As of June 5, 2006, it is confirmed that Internet Explorer is affecte...
JVN#28513736 Mozilla Firefox HTTP 1.0 response smuggling vulnerability
Impact If a user views malicious web pages, an attacker could inject a script into the responses from a server in other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...
JVN#62734622 Mozilla Firefox vulnerable to HTTP response splitting
Impact If an user accesses a malicious web page, an attacker could inject scripts into HTTP responses from the other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...
JVN#46691257 RWiki arbitrary Ruby script execution vulnerability
Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution Products Affected RWiki/2.1.0pre2 and all earlier versions...
JVN#16558862 RWiki cross-site scripting vulnerability
Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitrary script could then be executed on the user's web browser. Solution Products Affected RWiki/2.1.0pre1 - RWiki/2.1.0...
JVN#55425662: MyWeb SQL injection vulnerability
Impact A remote attacker could view or modify the database contents. Solution Products Affected MyWeb Portal Office cellular phone functionality MyWeb Standard Edition MyWeb Public Edition MyWeb Medical Edition MyWeb Citizen Edition MyWeb School Edition MyWeb Light Edition...
JVN#84775942 Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Impact Actual impact could differ depending on the email clients though, an attacker coulld possibly forge a file name or a email client could handle a file inappropriately which may result in a file being overwritten or an arbitray file being created and saved in an arbitrary directory. Solution...
JVN#72225922 Apache Struts Validator allows to bypass input data validation
Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...
JVN#74294680 Winny buffer overflow vulnerability
Impact If a remote attacker sends a malicious packet, Winny will crash. It is publicly reported that arbitrary code may be executed with the privilege running Winny. Solution Products Affected Winny 2.0 b7.1 and earlier As of May 25, 2006, exploit information is publicly available. Currently we a...
JVN#83263796 SquirrelMail cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Solution Products Affected SquirrelMail 1.4.0 - 1.4.6 Release Candidate...
JVN#84091359 Trac cross-site scripting vulnerability
Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution Products Affected Trac 0.94 and earlier versions of 0.9 series Trac-ja 0.94 and earlier versions of 0.9 series...
JVN#35274905 FreeStyleWiki cross-site scripting vulnerability
Impact An rbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected FreeStyleWiki 3.5.10 and earlier...
JVN#68630618 QUICK CART cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...
JVN#10222000 QUICK CART OS command injection vulnerability
Impact A remote attacker could execute arbitrary operating system commands on a server running QUICK CART. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...
JVN#78363061 CAFEMILK Shopping Cart CGI cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked. Solution Products Affected CAFEMILK SHOPPING CART version 3.80 and earlier...
JVN#27365476 Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Impact An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system. Solution Products Affected...
JVN#65542239 Hyper NIKKI System allows unauthorized email submission
Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails. Solution Products Affected hns-2.19.6 hns-lite-2.19.6 and earlier On March 8 2006, the vend...
JVN#41550845 Nagasaki Electronic Prefectural Office System SQL injection vulnerability
Impact A remote attacker may view or modify the database contents. Solution Products Affected Nagasaki Electronic Prefectural Office System's annual leave management system Nagasaki Electronic Prefectural Office System's staff directry system Nagasaki Electronic Prefectural Office System's docume...
JVN#77886599 Hatena Toolbar sends URL information unecnrypted
Impact When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID which needs to be protected. As a result, an attacker could possibly conduct session hijacking. Solution Products Affected Hatena Toolbar v1.5.4 an...
JVN#89344424 Multiple email clients vulnerable in handling an attachement inapropriately
Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a particular file name. Other possible impacts could be an attached file not being saved or hanged up while in the saving process, or an error message being displaye...
JVN#73133641 Eudora Japanese version stops working after the application crashes
Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing a crafted image file. Solution Products Affected Eudora for Windows, earlier than version 6.2J rev 4.2...
JVN#93004125 BBSNote cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Solution Products Affected BBSNote V8.00b15 to V8.00b18...
JVN#87830692 WebNote Clip vulnerable to OS command injection
Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed. Solution Products Affected WebNote Clip 4.1.7 and earlier...
JVN#06045169 mod_imap cross-site scripting vulnerability
Impact A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where modimap or modimagemap is used. Solution Products Affected For more information, refer to the vendor's website...
JVN#28011334 Opera bookmark function vulnerability
Impact An user cannot start Opera Web Browser because it crashes during startup. Solution Products Affected Opera for Windows, earlier than version 8.51 Opera for MacOS, earlier than version 8.51...