5625 matches found
Oracle WebLogic Server vulnerable to cross-site scripting
Overview Oracle WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Minetoshi Takizawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#38216398: osCommerce vulnerable to directory traversal
osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by the...
JVN#36559450: osCommerce Japanese version vulnerable to cross-site scripting
osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the software Update to the latest version according to the...
JVN#54779201: Oracle WebLogic Server vulnerable to cross-site scripting
Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Impact An arbitrary script may be executed on the browser of the user who is logged into the administration console of Oracle WebLogic Server. Solution Update the Software Apply the latest update...
JVN#64386898: osCommerce vulnerable to cross-site scripting
osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by th...
Cogent DataHub vulnerable to cross-site scripting
Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center ICST, Taiwan R.O.C. reported this vulnerability to JPCERT/CC...
Cogent DataHub vulnerable to HTTP header injection
Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology...
Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service
Overview CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Kuang-Chun Hung of Security Research and Service Institute -...
JVN#63249231: Cogent DataHub vulnerable to HTTP header injection
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Impact If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on th...
JVN#78901873: Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service
CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version according to the information...
JVN#12983784: Cogent DataHub vulnerable to cross-site scripting
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the...
An authentication information Exposure Vulnerability in JP1/IT Resource Management - Manager
Overview An authentication information exposure vulnerability was found in JP1/IT Resource Management - Manager. Impact An authentication information might be exposured. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
Overview JP1/Cm2/Network Node Manager i NNMi contains vulnerabilities could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...
Movable Type Plugin MailForm vulnerable to cross-site scripting
Overview MailForm contains a cross-site scripting vulnerability. MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
WordPress vulnerable to arbitrary PHP code execution
Overview WordPress contains a vulnerability where arbitrary PHP code may be executed. WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this...
WordPress Japanese vulnerable to cross-site scripting
Overview WordPress Japanese contains a cross-site scripting vulnerability. WordPress provided by WordPress.Org is a weblog system. WordPress Japanese contains a cross-site scripting vulnerability. Katsuhiro Kawahara, Kozo Fukui of Kobe Digital Labo.,Inc. and Yuya Yoshida of Mitsui Bussan Secure...
JVN#44439553: WordPress Japanese vulnerable to cross-site scripting
WordPress provided by WordPress.Org is a weblog system. WordPress Japanese contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...
JVN#40498018: WordPress vulnerable to arbitrary PHP code execution
WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...
JVN#60887968: Movable Type Plugin MailForm vulnerable to cross-site scripting
MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the fixed version according to the information provided by the developer. Products Affected...
PukiWiki Plus! vulnerable to cross-site scripting
Overview PukiWiki Plus! contains a cross-site scripting vulnerability. PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Koki Nakayasu of Keiji Takeda Lab, Keio...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts may create web applications that contain a cross-site scripting vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting...
JVN#76515037: PukiWiki Plus! vulnerable to cross-site scripting
PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
JVN#25435092: Apache Struts vulnerable to cross-site scripting
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update t...
Safari for iOS vulnerable to denial-of-service
Overview Safari for iOS contains a denial-of-service DoS vulnerability. Shuichiro Suzuki of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may be abl...
Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK
Overview Products that use the Preboot Execution Environment PXE SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories...
JVN#05255562: Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK
Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Impact Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Solution Update the software Update according to th...
JVN#15549168: Safari for iOS vulnerable to denial-of-service
Safari for iOS contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version of iOS according to the information provided by the developer. Products Affected Safari contained in iOS...
FFFTP may insecurely load executable files
Overview FFFTP may use unsafe methods for determining how to load executables .exe FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Fumihiko Sano reported this vulnerability to IPA. JPCERT/CC...
JVN#94002296: FFFTP may insecurely load executable files
FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...
phpWebSite vulnerable to cross-site scripting
Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#70502960: phpWebSite vulnerable to cross-site scripting
phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
Etomite vulnerable to cross-site scripting
Overview Etomite contains a cross-site scripting vulnerability. Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
PowerChute Business Edition vulnerable to cross-site scripting
Overview PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported th...
JVN#04329324: Etomite vulnerable to cross-site scripting
Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#61695284: PowerChute Business Edition vulnerable to cross-site scripting
PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version accordin...
Nikki vulnerable to OS command injection
Overview Nikki from HP no Mawashimono contains an OS command injection vulnerability. Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Nikki vulnerable to directory traversal
Overview Nikki from HP no Mawashimono contains a directory traversal vulnerability. Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#48839888: Nikki vulnerable to OS command injection
Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of the web server. Solution Update the software Update to the latest version according to the...
JVN#80081509: Nikki vulnerable to directory traversal
Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by...
ChaSen vulnerable to buffer overflow
Overview ChaSen provided by Nara Institute of Science and Technology contains a buffer overflow vulnerability. ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a...
Iwate Portal Bar vulnerable to arbitrary script execution
Overview Iwate Portal Bar is vulnerable to arbitrary script execution. Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper...
JVN#16901583: ChaSen vulnerable to buffer overflow
ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a buffer overflow. ChaSen legacy project has inherited development of ChaSen since 11/8/2011. Impact An arbitrary...
JVN#33861625: Iwate Portal Bar vulnerable to arbitrary script execution
Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An...
WebObjects vulnerable to cross-site scripting
Overview WebObjects provided by Apple, contains a cross-site scripting vulnerability. WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...
Opengear console servers vulnerable to authentication bypass
Overview Opengear console servers contains an authentication bypass vulnerability. Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Tadayoshi Nakahira reported this vulnerability to IPA. JPCERT/CC...
JVN#37223351: WebObjects vulnerable to cross-site scripting
WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the develope...
JVN#71349007: Opengear console servers vulnerable to authentication bypass
Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Impact A remote attacker may change the settings in the Opengear console server or gain access to products that are connected to the console server...
CSWorks LiveData Service vulnerable to denial-of-service (DoS)
Overview LiveData Service, a server component of CSWorks contains a denial-of-service DoS vulnerability. LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Kuang-Chun Hung of Security Research and Service...
JVN#98649286: CSWorks LiveData Service vulnerable to denial-of-service (DoS)
LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version according to the information...
Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery
Overview Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged...