JVN#59130192 eBASEweb SQL injection vulnerability
Impact A remote attacker could alter database content or steal data. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected eBASEweb version 3.0...
JVN#23632449: OpenSSL version rollback vulnerability
Impact When performing communication through a path controlled by an attacker using OpenSSL, the attacker conducting a man-in-the-middle (MITM) attack can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0 to intercept or alter data...
JVN#76659792 WirelessIP5000 has multiple vulnerabilities
Impact These vulnerabilities may allow an attacker to conduct the following attacks: Illegal information collection Change of the configuration using SNMP protocol, web browsers, etc. Denial of service (DoS) attacks using information which the HTTP server provides Impersonation and information...
JVN#79314822: Tomcat vulnerable in request processing
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. The Apache Software Foundation currently does not support AJP 1.3 Connector, and recommends the use of Coyote JK Connector instead. It also recommends...
JVN#31226748 Vulnerability in multiple web browsers allowing request spoofing attacks
Impact Authentication information or cookie information could be leaked. Solution Products Affected For more information, refer to the vendors' websites...
JVN#62914675 Ruby vulnerability allowing to bypass safe level 4 as a sandbox
Impact An attacker could possibly execute an arbitrary script. Solution Products Affected Ruby 1.8.2 and earlier...
JVN#40940493 Webmin and Usermin authentication bypass vulnerability
Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command with root privileges. Solution Products Affected Webmin Version 1.200 - 1.220 Usermin Version 1.130 - 1.160...
JVN#97422426 Hyper NIKKI System cross-site request forgery vulnerability
Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers including weblog administrato...
JVN#42435855 FreeStyleWiki command injection vulnerability
Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution Products Affected FreeStyleWiki 3.5.8 and earlier...
JVN#23727054 Pochy denial-of-service (DoS) vulnerability
Impact A remote attacker could exploit this vulnerability to cause a denial-of-service (DoS) attack by sending a specially crafted email to a Pochy user. Solution Products Affected Pochy 0.2.1a...
JVN#38138980 Hiki cross-site scripting vulnerability
Impact A remote attacker could create content containing attack code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into the system as the administrator, the remote attacker could manipulate configurations. Solution Products...
JVN#29273468 QRcode Perl CGI & PHP script vulnerable to denial of service attack
Impact A remote attacker may cause a denial of service (DoS) attack. Solution Products Affected QRcode Perl/CGI & PHP script ver. 0.50f and earlier including both Perl versions and PHP versions...
JVN#60776919 tDiary cross-site request forgery vulnerability
Impact If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execute an arbitrary script or command on the web server running tDiary with privileges of the tDiary user. Solution Products Affected...
JVN#93926203 Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Impact Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 JST on July 28, 2005. Java applications using JCE 1.2.1 may not start after 6:43 JST, +0900 on July 28, 2005. Solution Products Affected Java applications using Sun's JCE 1.2.1...
JVN#74012178 Movable Type session management vulnerability
Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution Products Affected Movable Type 3.151-ja and earlier...
JVN#97757029 w3ml cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information. Solution Products Affected w3ml-0.4-20020625 and earlier...
JVN#55023557 Buffalo router configuration management interface vulnerable to remote access and password leakage
Impact Configurations could be changed by the remote attacker. As the save configuration stores user's account and password information of ISPs in plain-text format, a remote attacker could steal such information and impersonate a user to gain illegal access. Solution Products Affected BUFFALO...