Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•39 views

JVN#71435255: Multiple vulnerabilities in Phorum

Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Impact An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in. Solution Update the software Update to the lates...

6.8CVSS5.8AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 8:14 a.m.•5 views

Samba Web Administration Tool vulnerable to cross-site scripting

Overview Samba Web Administration Tool contains a cross-site scripting vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. nobuhiro tsuji...

2.6CVSS6AI score0.06293EPSS
Exploits0References21
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 8:12 a.m.•3 views

Samba Web Administration Tool vulnerable to cross-site request forgery

Overview Samba Web Administration Tool SWAT contains a cross-site request forgery vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samb...

6.8CVSS6.5AI score0.10046EPSS
Exploits6References21
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 6:50 a.m.•4 views

WebsiteBaker vulnerable to cross-site scripting

Overview WebsiteBaker contains a cross-site scripting vulnerability. WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.1AI score0.00845EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 12:0 a.m.•45 views

JVN#63041502: Samba Web Administration Tool vulnerable to cross-site scripting

Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. Impact An arbitrary script may be executed on the web browser of a user that is logged into SWAT...

2.6CVSS5.1AI score0.06293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 12:0 a.m.•40 views

JVN#02134508: WebsiteBaker vulnerable to cross-site scripting

WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to Lepton CMS according to the information provided by the developer. Products...

4.3CVSS5.8AI score0.00845EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 12:0 a.m.•34 views

JVN#29529126: Samba Web Administration Tool vulnerable to cross-site request forgery

Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samba. Impact When a user is logged in to SWAT as root, an attacker may change configurations in Samb...

6.8CVSS5.1AI score0.10046EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/19 7:32 a.m.•2 views

Microsoft Windows XP vulnerable to denial-of-service (DoS)

Overview Microsoft Windows XP contains a denial-of-service DoS vulnerability. Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service DoS. HIRT Hitachi Incident Response Team reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/19 12:0 a.m.•16 views

JVN#06924191: Microsoft Windows XP vulnerable to denial-of-service (DoS)

Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service DoS. Impact An attacker that can view the TCP communication of its target may cause a denial-of-service DoS. Solution Apply a workaround The following workaround may mitigate the affects of...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/16 7:44 a.m.•5 views

Aipo vulnerable to SQL injection

Overview Aipo contains a SQL injection vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Tsuyoshi Yamaguchi of Digiplate, inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.5CVSS7.6AI score0.01072EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/16 7:41 a.m.•4 views

Aipo vulnerable to cross-site request forgery

Overview Aipo contains a cross-site request forgery vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated...

6.8CVSS6.4AI score0.00586EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/16 12:0 a.m.•38 views

JVN#72854072: Aipo vulnerable to cross-site request forgery

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability. Impact If an administrative user views a malicious page while logged into Aipo, data stored within Aipo may be altered. Solution Update t...

6.8CVSS6.1AI score0.00586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/16 12:0 a.m.•29 views

JVN#31506102: Aipo vulnerable to SQL injection

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Users who can login and do not have access privileges to information in Aipo may view or alter information. The developer has confirmed that a...

7.5CVSS7.1AI score0.01072EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/12 5:6 a.m.•1 views

Internet Explorer window display vulnerability

Overview Internet Explorer contains a vulnerability where the window display may be forged. Internet Explorer contains an issue with rendering window displays, which may lead to a window display being forged. hoshikuzu|stardust reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.5AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/10 8:17 a.m.•3 views

Windows URL Protocol Handler may insecurely load executable files

Overview Windows URL Protocol Handler may use unsafe methods for determining how to load executable .exe files. Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executab...

9.3CVSS7.5AI score0.3434EPSS
Exploits5References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/10 12:0 a.m.•44 views

JVN#80404511: Windows URL Protocol Handler may insecurely load executable files

Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution...

9.3CVSS6.8AI score0.3434EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/09 1:11 a.m.•2 views

JP1/Performance Management - Web Console Cross-Site Scripting Vulnerability

Overview JP1/Performance Management - Web Console contains a cross-site scripting vulnerability. Impact A remote attacker could execute malicious script on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/09 1:10 a.m.•4 views

Arbitrary Code Execution Vulnerability in HiRDB Control Manager

Overview HiRDB Control Manager - Agent contains a vulnerability that could allow a remote attacker to execute arbitrary code when it receives an unexpected, invalid request. Impact A remote attacker could execute arbitrary code via an unexpected, invalid request. Solution Please refer to the...

10CVSS7.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/29 5:26 a.m.•8 views

Android vulnerability where an incorrect SSL certificate is displayed

Overview Android OS contains a vulnerability where an incorrect SSL certificate is displayed. Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site...

4.3CVSS6.4AI score0.00787EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/29 12:0 a.m.•32 views

JVN#43105011: Android vulnerability where an incorrect SSL certificate is displayed

Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site. Impact An attacker may trick the user into believing the site being visited is safe, which may...

4.3CVSS6AI score0.00787EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 7:31 a.m.•4 views

Mozilla Firefox vulnerable to cross-site scripting

Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

6.1CVSS5.7AI score0.00697EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 7:29 a.m.•2 views

Mozilla Firefox vulnerable to cross-site scripting

Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability...

2.6CVSS5.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 7:27 a.m.•4 views

Mozilla Firefox vulnerable to denial-of-service (DoS)

Overview Mozilla Firefox contains a denial-of-service DoS vulnerability. Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported...

6.5CVSS6.4AI score0.00562EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 7:24 a.m.•6 views

Mozilla Firefox vulnerability in processing content-length header

Overview Mozilla Firefox contains a vulnerability in the processing of content-length header. Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a malicious website ...

8.8CVSS6.4AI score0.01111EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•40 views

JVN#70984231: Mozilla Firefox vulnerable to denial-of-service (DoS)

Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported, a denial-of-service DoS may occur. Solution Update the Software Update ...

6.5CVSS6.2AI score0.00562EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•38 views

JVN#74649877: Mozilla Firefox vulnerable to cross-site scripting

Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided ...

6.1CVSS5.8AI score0.00697EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•39 views

JVN#36721438: Mozilla Firefox vulnerability in processing content-length header

Mozilla Firefox contains a vulnerability in the processing of content-length header. Impact When a malicious website is viewed, a script may be injected within a response from another domain. Solution Update the software Update to the latest version according to the information provided by the...

8.8CVSS8.5AI score0.01111EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•36 views

JVN#96950482: Mozilla Firefox vulnerable to cross-site scripting

Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informatio...

4.3CVSS8.9AI score0.01761EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/27 7:17 a.m.•4 views

Plone vulnerable to cross-site scripting

Overview Plone contains a cross-site scripting vulnerability. Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6AI score0.01143EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/27 12:0 a.m.•34 views

JVN#41222793: Plone vulnerable to cross-site scripting

Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the Software Update to the latest version according to the information provided by...

4.3CVSS5.7AI score0.01143EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/25 9:6 a.m.•2 views

Oracle iPlanet Web Server information disclosure vulnerability

Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains an information disclosure vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote...

5CVSS6.3AI score0.02521EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/25 12:0 a.m.•34 views

JVN#47124169: Oracle iPlanet Web Server information disclosure vulnerability

Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote attacker may obtain source code. Solution Update the software Update to the latest version according to information provided b...

5CVSS5.9AI score0.02521EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 7:32 a.m.•2 views

ASP.NET vulnerable to cross-site scripting

Overview ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability. ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the applicatio...

4.3CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 7:27 a.m.•3 views

Google Search Appliance vulnerable to cross-site scripting

Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...

4.3CVSS6.1AI score0.00489EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 12:0 a.m.•19 views

JVN#87908726: ASP.NET vulnerable to cross-site scripting

ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the application may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 12:0 a.m.•33 views

JVN#86220950: Google Search Appliance vulnerable to cross-site scripting

Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Impact An arbitrary script may executed on the user's web browser. Solution Update the software Update to...

4.3CVSS6AI score0.00489EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/08 9:29 a.m.•5 views

Internet Explorer vulnerable to cross-site scripting

Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting...

2.6CVSS5.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/08 12:0 a.m.•16 views

JVN#51325625: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Upgrade to the latest version according to the...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/05 7:56 a.m.•17 views

XnView may insecurely load executable files

Overview XnView may use unsafe methods for determining how to load executables .exe XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may...

6.9CVSS7.5AI score0.00344EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/05 7:54 a.m.•2 views

Opera vulnerable to denial-of-service (DoS)

Overview Opera contains a denial-of-service vulnerability. Opera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6.5AI score0.02587EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/05 12:0 a.m.•32 views

JVN#17844633: XnView may insecurely load executable files

XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...

6.9CVSS7.1AI score0.00344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/05 12:0 a.m.•35 views

JVN#47757122: Opera vulnerable to denial-of-service (DoS)

Opera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability. Impact If a user accesses a malicious URL, this may cause Opera or the system to crash. Solution Update the software Update to the latest version...

4.3CVSS7.3AI score0.02587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 9:20 a.m.•5 views

ALZip vulnerable to buffer overflow

Overview ALZip provided by ESTsoft Japan Corp. contains a buffer overflow vulnerability. ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Takahiko Funakubo of Fourteenforty Research...

9.3CVSS7.6AI score0.05539EPSS
Exploits4References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 8:57 a.m.•2 views

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...

4.3CVSS6.6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 8:55 a.m.•3 views

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...

4.3CVSS6.6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 8:55 a.m.•1 views

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...

4.3CVSS6.6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 8:55 a.m.•13 views

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...

9.8CVSS8.1AI score0.87264EPSS
Exploits14References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 8:54 a.m.•5 views

Header Customization by Hitachi Web Server RequetHeader Directive Could Allow Attacker to Access Data Deleted from Memory

Overview When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the modheaders module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been...

5.1CVSS8.9AI score0.18443EPSS
Exploits2References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 12:0 a.m.•32 views

JVN#01547302: ALZip vulnerable to buffer overflow

ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact When opening a specially crafted file, arbitrary code may be executed. Solution Re-install the software Download ALZip 8.21 after...

9.3CVSS7.1AI score0.05539EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 10:23 a.m.•5 views

Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office contains a cross-site scripting vulnerability. Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...

4.3CVSS6AI score0.01263EPSS
Exploits0References8
Total number of security vulnerabilities5625