5625 matches found
JVN#71435255: Multiple vulnerabilities in Phorum
Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Impact An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in. Solution Update the software Update to the lates...
Samba Web Administration Tool vulnerable to cross-site scripting
Overview Samba Web Administration Tool contains a cross-site scripting vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. nobuhiro tsuji...
Samba Web Administration Tool vulnerable to cross-site request forgery
Overview Samba Web Administration Tool SWAT contains a cross-site request forgery vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samb...
WebsiteBaker vulnerable to cross-site scripting
Overview WebsiteBaker contains a cross-site scripting vulnerability. WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#63041502: Samba Web Administration Tool vulnerable to cross-site scripting
Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. Impact An arbitrary script may be executed on the web browser of a user that is logged into SWAT...
JVN#02134508: WebsiteBaker vulnerable to cross-site scripting
WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to Lepton CMS according to the information provided by the developer. Products...
JVN#29529126: Samba Web Administration Tool vulnerable to cross-site request forgery
Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samba. Impact When a user is logged in to SWAT as root, an attacker may change configurations in Samb...
Microsoft Windows XP vulnerable to denial-of-service (DoS)
Overview Microsoft Windows XP contains a denial-of-service DoS vulnerability. Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service DoS. HIRT Hitachi Incident Response Team reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#06924191: Microsoft Windows XP vulnerable to denial-of-service (DoS)
Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service DoS. Impact An attacker that can view the TCP communication of its target may cause a denial-of-service DoS. Solution Apply a workaround The following workaround may mitigate the affects of...
Aipo vulnerable to SQL injection
Overview Aipo contains a SQL injection vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Tsuyoshi Yamaguchi of Digiplate, inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Aipo vulnerable to cross-site request forgery
Overview Aipo contains a cross-site request forgery vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#72854072: Aipo vulnerable to cross-site request forgery
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability. Impact If an administrative user views a malicious page while logged into Aipo, data stored within Aipo may be altered. Solution Update t...
JVN#31506102: Aipo vulnerable to SQL injection
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Users who can login and do not have access privileges to information in Aipo may view or alter information. The developer has confirmed that a...
Internet Explorer window display vulnerability
Overview Internet Explorer contains a vulnerability where the window display may be forged. Internet Explorer contains an issue with rendering window displays, which may lead to a window display being forged. hoshikuzu|stardust reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Windows URL Protocol Handler may insecurely load executable files
Overview Windows URL Protocol Handler may use unsafe methods for determining how to load executable .exe files. Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executab...
JVN#80404511: Windows URL Protocol Handler may insecurely load executable files
Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution...
JP1/Performance Management - Web Console Cross-Site Scripting Vulnerability
Overview JP1/Performance Management - Web Console contains a cross-site scripting vulnerability. Impact A remote attacker could execute malicious script on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Arbitrary Code Execution Vulnerability in HiRDB Control Manager
Overview HiRDB Control Manager - Agent contains a vulnerability that could allow a remote attacker to execute arbitrary code when it receives an unexpected, invalid request. Impact A remote attacker could execute arbitrary code via an unexpected, invalid request. Solution Please refer to the...
Android vulnerability where an incorrect SSL certificate is displayed
Overview Android OS contains a vulnerability where an incorrect SSL certificate is displayed. Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site...
JVN#43105011: Android vulnerability where an incorrect SSL certificate is displayed
Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site. Impact An attacker may trick the user into believing the site being visited is safe, which may...
Mozilla Firefox vulnerable to cross-site scripting
Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
Mozilla Firefox vulnerable to cross-site scripting
Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability...
Mozilla Firefox vulnerable to denial-of-service (DoS)
Overview Mozilla Firefox contains a denial-of-service DoS vulnerability. Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported...
Mozilla Firefox vulnerability in processing content-length header
Overview Mozilla Firefox contains a vulnerability in the processing of content-length header. Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a malicious website ...
JVN#70984231: Mozilla Firefox vulnerable to denial-of-service (DoS)
Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported, a denial-of-service DoS may occur. Solution Update the Software Update ...
JVN#74649877: Mozilla Firefox vulnerable to cross-site scripting
Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided ...
JVN#36721438: Mozilla Firefox vulnerability in processing content-length header
Mozilla Firefox contains a vulnerability in the processing of content-length header. Impact When a malicious website is viewed, a script may be injected within a response from another domain. Solution Update the software Update to the latest version according to the information provided by the...
JVN#96950482: Mozilla Firefox vulnerable to cross-site scripting
Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informatio...
Plone vulnerable to cross-site scripting
Overview Plone contains a cross-site scripting vulnerability. Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#41222793: Plone vulnerable to cross-site scripting
Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the Software Update to the latest version according to the information provided by...
Oracle iPlanet Web Server information disclosure vulnerability
Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains an information disclosure vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote...
JVN#47124169: Oracle iPlanet Web Server information disclosure vulnerability
Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote attacker may obtain source code. Solution Update the software Update to the latest version according to information provided b...
ASP.NET vulnerable to cross-site scripting
Overview ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability. ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the applicatio...
Google Search Appliance vulnerable to cross-site scripting
Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...
JVN#87908726: ASP.NET vulnerable to cross-site scripting
ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the application may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...
JVN#86220950: Google Search Appliance vulnerable to cross-site scripting
Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Impact An arbitrary script may executed on the user's web browser. Solution Update the software Update to...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting...
JVN#51325625: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Upgrade to the latest version according to the...
XnView may insecurely load executable files
Overview XnView may use unsafe methods for determining how to load executables .exe XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may...
Opera vulnerable to denial-of-service (DoS)
Overview Opera contains a denial-of-service vulnerability. Opera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#17844633: XnView may insecurely load executable files
XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...
JVN#47757122: Opera vulnerable to denial-of-service (DoS)
Opera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability. Impact If a user accesses a malicious URL, this may cause Opera or the system to crash. Solution Update the software Update to the latest version...
ALZip vulnerable to buffer overflow
Overview ALZip provided by ESTsoft Japan Corp. contains a buffer overflow vulnerability. ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Takahiko Funakubo of Fourteenforty Research...
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...
Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...
Header Customization by Hitachi Web Server RequetHeader Directive Could Allow Attacker to Access Data Deleted from Memory
Overview When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the modheaders module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been...
JVN#01547302: ALZip vulnerable to buffer overflow
ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact When opening a specially crafted file, arbitrary code may be executed. Solution Re-install the software Download ALZip 8.21 after...
Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office contains a cross-site scripting vulnerability. Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...