SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
Overview The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...
JVN#79950061: Jenkins vulnerable to cross-site scripting
Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN14791558. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...
JVN#56653852: SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#14791558: Jenkins vulnerable to cross-site scripting
Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...
ES File Explorer fails to restrict access permissions
Overview ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted. ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Shiongu of satoweb and...
JVN#08871006: ES File Explorer fails to restrict access permissions
ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Impact When using a specific function, a remote attacker may obtain local files that the application has permissions to view. Solution Upda...
Kingsoft Internet Security 2011 vulnerable to denial-of-service
Overview Kingsoft Internet Security 2011 contains a denial-of-service (DoS) vulnerability. Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service (DoS). Satoshi TANDA of Fourteenforty Research Institute Inc. reported this vulnerability t...
JVN#31517714: Kingsoft Internet Security 2011 vulnerable to denial-of-service
Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service (DoS). Impact An attacker who can log in to the system with the software running may cause a denial-of-service (DoS). Solution Update the Software Update to the latest version...
Movable Type vulnerable to session hijacking
Overview Movable Type contains a session hijacking vulnerability. Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution Update the software...
Movable Type vulnerable to OS command injection
Overview Movable Type contains an OS command injection vulnerability. Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each produ...
Movable Type vulnerable to cross-site request forgery
Overview Movable Type contains a cross-site request forgery vulnerability. Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or...
JVN#92683325: Movable Type vulnerable to OS command injection
Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest version of each product according to the information provided by the...
JVN#49836527: Movable Type vulnerable to cross-site scripting
mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each product according to the information provided by the developer. Products...
JVN#70683217: Movable Type vulnerable to cross-site request forgery
Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or altered. Solution Update the software Update to the latest version for each...
JVN#20083397: Movable Type vulnerable to session hijacking
Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution Update the software Update to the latest version of each product according to the...
Multiple COOKPAD applications for Android vulnerable in WebView class
Overview Multiple COOKPAD applications for Android contain a vulnerability in WebView class. Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Gaku Mochizuki of Mitsui Bussan...
JVN#25731073: Multiple COOKPAD applications for Android vulnerable in WebView class
Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Impact If a user of the affected product uses another malicious Android application, the information contained in the affecte...
cforms II vulnerable to cross-site scripting
Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...
JVN#35256978: cforms II vulnerable to cross-site scripting
cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
ALFTP may insecurely load executable files
Overview ALFTP may use unsafe methods for determining how to load executables. ALFTP provided by ESTsoft Corp. is FTP client software with a built-in FTP server. ALFTP contains an issue when loading files. For example, if a user tries to open README (a file without an extension) which exists in t...
JVN#85695061: ALFTP may insecurely load executable files
ALFTP provided by ESTsoft Corp. is FTP client software with a built-in FTP server. ALFTP contains an issue when loading files. For example, if a user tries to open README (a file without an extension) which exists in the same directory where README.exe (a file with the .exe extension) exists, README.ex...
Apache Struts 2 vulnerable to an arbitrary Java method execution
Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...
JVN#79099262: Apache Struts 2 vulnerable to an arbitrary Java method execution
Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action. Impact If a remote attacker sends a malformed request parameter ...
Pocket WiFi (GP02) vulnerable to cross-site request forgery
Overview Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Pocket WiFi GP02 provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA...
JVN#33021167: Pocket WiFi (GP02) vulnerable to cross-site request forgery
Pocket WiFi GP02 provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings of Pocket WiFi GP02 may be initialized, or Pocket WiFi GP02 may be rebooted. Solution...
Arbitrary Code Execution Vulnerability in Hitachi COBOL2002
Overview Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite contain a vulnerability where arbitrary code may be executed. Impact A remote attacker could execute arbitrary code via unknown attack vectors. Solution Please refer to the 'Vendor Information' section for the offici...
Hitachi IT Operations Director Cross-Site Scripting Vulnerability
Overview Hitachi IT Operations Director contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Hitachi IT Operations Analyzer Cross-Site Scripting Vulnerability
Overview Hitachi IT Operations Analyzer contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
glucose 2 vulnerable to arbitrary script execution
Overview glucose 2 is vulnerable to arbitrary script execution. glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
JVN#65869891: glucose 2 vulnerable to arbitrary script execution
glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Impact An arbitrary script may be executed on the vulnerable system. Solution Update the software Update to the latest version...
osCommerce Japanese version vulnerable to cross-site scripting
Overview osCommerce Japanese version contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this...
osCommerce vulnerable to cross-site scripting
Overview osCommerce contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
osCommerce vulnerable to directory traversal
Overview osCommerce contains a directory traversal vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to...
Oracle WebLogic Server vulnerable to cross-site scripting
Overview Oracle WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Minetoshi Takizawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#36559450: osCommerce Japanese version vulnerable to cross-site scripting
osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the software Update to the latest version according to the...
JVN#54779201: Oracle WebLogic Server vulnerable to cross-site scripting
Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Impact An arbitrary script may be executed on the browser of the user who is logged into the administration console of Oracle WebLogic Server. Solution Update the Software Apply the latest update...
JVN#38216398: osCommerce vulnerable to directory traversal
osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by the...
JVN#64386898: osCommerce vulnerable to cross-site scripting
osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by th...
Cogent DataHub vulnerable to cross-site scripting
Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center ICST, Taiwan R.O.C. reported this vulnerability to JPCERT/CC...
Cogent DataHub vulnerable to HTTP header injection
Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains an HTTP header injection vulnerability, also known as a CRLF (carriage return line feed) injection vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology...
Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service
Overview CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute -...
JVN#63249231: Cogent DataHub vulnerable to HTTP header injection
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains an HTTP header injection vulnerability, also known as a CRLF (carriage return line feed) injection vulnerability. Impact If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on th...
JVN#12983784: Cogent DataHub vulnerable to cross-site scripting
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the...
JVN#78901873: Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service
CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Impact A remote attacker may be able to cause a denial-of-service (DoS). Solution Update the software Update to the latest version according to the information...
An authentication information Exposure Vulnerability in JP1/IT Resource Management - Manager
Overview An authentication information exposure vulnerability was found in JP1/IT Resource Management - Manager. Impact Authentication information might be exposed. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
Overview JP1/Cm2/Network Node Manager i (NNMi) contains vulnerabilities that could allow a remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. Impact A remote attacker could cause a denial of service (DoS) condition or execute arbitrary code. Solution Please refer to the...
Movable Type Plugin MailForm vulnerable to cross-site scripting
Overview MailForm contains a cross-site scripting vulnerability. MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
WordPress vulnerable to arbitrary PHP code execution
Overview WordPress contains a vulnerability where arbitrary PHP code may be executed. WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this...
WordPress Japanese vulnerable to cross-site scripting
Overview WordPress Japanese contains a cross-site scripting vulnerability. WordPress provided by WordPress.Org is a weblog system. WordPress Japanese contains a cross-site scripting vulnerability. Katsuhiro Kawahara, Kozo Fukui of Kobe Digital Labo.,Inc. and Yuya Yoshida of Mitsui Bussan Secure...