5625 matches found
e107 vulnerable to cross-site scripting
Overview e107 contains a cross-site scripting vulnerability. e107 provided by e107.org is a Content Management System CMS software. e107 contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Securi...
JVN#99977321: Picasa may insecurely load executable files
Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the runni...
JVN#01635457: e107 vulnerable to cross-site scripting
e107 provided by e107.org is a Content Management System CMS software. e107 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...
IBM Tivoli vulnerable to denial-of-service (DoS)
Overview IBM Tivoli contains a denial-of-service DoS vulnerability. IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. A wide range of products are affected. For more information, refer to the vendor's website. Impact A remote attacker may...
JVN#81294135: IBM Tivoli vulnerable to denial-of-service (DoS)
IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affected A wid...
JP1/NETM/DM Denial of Service (DoS) Vulnerability
Overview JP1/NETM/DM contains a denial of service DoS vulnerability. Impact A local attacker could access the JP1/NETM/DM files and a remote attacker could cause a denial of service DoS condition on the affected system. Solution Please refer to the 'Vendor Information' section for the official...
OTRS vulnerable to OS command injection
Overview OTRS contains an OS command injection vulnerability. OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#73162541: OTRS vulnerable to OS command injection
OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of OTRS on the server where it is installed. Solution Update the software Update to the latest version according...
IBM DB2 vulnerable to denial-of-service (DoS)
Overview IBM DB2 contains a denial-of-service DoS vulnerability. IBM DB2 contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact An attacker that can create or execute stored procedures may cause a denial-of-service DoS. Solution Apply a workaround...
IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
Overview IBM WebSphere Application Server WAS contains a denial-of-service DoS vulnerability. IBM WebSphere Application Server contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. According to the developer: " For other IBM software products that contain...
IBM Lotus vulnerable to denial-of-service (DoS)
Overview IBM Lotus product line contains a denial-of-service DoS vulnerability. IBM Lotus product line contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the...
JVN#26301278: IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
IBM WebSphere Application Server contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer...
JVN#16308183: IBM DB2 vulnerable to denial-of-service (DoS)
IBM DB2 contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact An attacker that can create or execute stored procedures may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by th...
JVN#97334690: IBM Lotus vulnerable to denial-of-service (DoS)
IBM Lotus product line contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products...
Multiple Things CGI products vulnerable to cross-site scripting
Overview Multiple CGI products provided by Things contain a cross-site scripting vulnerability. BBS and BBS Thread provided by Things are bulletin board software. BBS and BBS Thread contain a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
JVN#20982938: Multiple Things CGI products vulnerable to cross-site scripting
BBS and BBS Thread provided by Things are bulletin board software. BBS and BBS Thread contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided...
SEIL Series routers vulnerable to buffer overflow
Overview SEIL Series routers contain a buffer overflow vulnerability. The PPP Access Concentrator PPPAC contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. Accoding to the developer, all...
JVN#88991166: SEIL Series routers vulnerable to buffer overflow
The PPP Access Concentrator PPPAC contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. Accoding to the developer, all versions of SEIL/86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 proce...
Lunascape may insecurely load executable files
Overview Lunascape may use unsafe methods for determining how to load executables .exe. Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contain an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki...
JVN#38362957: Lunascape may insecurely load executable files
Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contain an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Upda...
F-Secure Internet Gatekeeper for Linux authentication issue
Overview F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation contains an issue where authentication is not present. F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation is an anti-virus product. F-Secure Internet Gatekeeper for Linux contains an issue where...
JVN#71542734: F-Secure Internet Gatekeeper for Linux authentication issue
F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation is an anti-virus product. F-Secure Internet Gatekeeper for Linux contains an issue where authentication is not present. Impact A remote attacker may view access logs that are stored by the product. Solution Update the firmwar...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilitie...
Opera may insecurely load executable files
Overview Opera may use unsafe methods for determining how to load executables .exe. Opera loads certain executables .exe when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reporte...
JVN#84393059: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...
JVN#33880169: Opera may insecurely load executable files
Opera loads certain executables .exe when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...
MODx Evolution vulnerable to directory traversal
Overview MODx Evolution contains a directory traversal vulnerability. MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update th...
MODx Evolution vulnerable to SQL injection
Overview MODx Evolution contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx Evolution contains SQL injection vulnerability. Impact A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution...
JVN#54092716: MODx Evolution vulnerable to SQL injection
MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx Evolution contains SQL injection vulnerability. Impact A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution Update the software Update to the latest version according to the...
JVN#95385972: MODx Evolution vulnerable to directory traversal
MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update the software Update to the latest version according to the information...
Lunascape may insecurely load dynamic libraries
Overview Lunascape may use unsafe methods for determining how to load DLLs. Lunascape is a web browser. Lunascape loads certain DLL's when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported...
Cisco Linksys WRT54GC vulnerable to buffer overflow
Overview Cisco Linksys WRT54GC provided by Cisco Systems contains a buffer overflow vulnerability. Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this...
JVN#94695018: Lunascape may insecurely load dynamic libraries
Lunascape is a web browser. Lunascape loads certain DLL's when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution...
JVN#26605630: Cisco Linksys WRT54GC vulnerable to buffer overflow
Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability. Impact When processing a specially crafted HTTP request, the router may crash resulting in a denial-of-service DoS. Solution Update the software Update to the lates...
Cross-site scripting vulnerability in multiple Rocomotion products
Overview Multiple products provided by Rocomotion contain a cross-site scripting vulnerablility. Multiple products P board etc. provided by Rocomotion contain a cross-site scripting vulnerablility. Saeki Tominaga of KINOTROPE INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Ruby Version Manager escape sequence injection vulnerability
Overview Ruby Version Manager contains an escape sequence injection vulnerability. Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As...
JVN#09115481: Cross-site scripting vulnerability in multiple Rocomotion products
Multiple products P board etc. provided by Rocomotion contain a cross-site scripting vulnerablility. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. This issue h...
JVN#30414126: Ruby Version Manager escape sequence injection vulnerability
Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As a result, the string that is output on the terminal may contain an arbitrary escap...
Aipo vulnerable to SQL injection
Overview Aipo contains SQL injection vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution...
SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
Overview SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA...
Contents-Mall vulnerability in password handling
Overview Contents-Mall contains a vulnerability in the way it handles passwords. Contents-Mall is a shopping cart software for digital contents. Contents-Mall contains a vulnerability in the way it handles passwords. Impact The administrative password may be disclosed. As a result, information...
JVN#86347943: SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provid...
JVN#53293565: Contents-Mall vulnerability in password handling
Contents-Mall is a shopping cart software for digital contents. Contents-Mall contains a vulnerability in the way it handles passwords. Impact The administrative password may be disclosed. As a result, information stored by the software may be viewed or altered. Solution Updatethe software Update...
JVN#50704770: Aipo vulnerable to SQL injection
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution Update the Software Update to the latest version...
SquirrelMail vulnerable to cross-site request forgery
Overview SquirrelMail contains a cross-site request forgery vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Daiki...
SquirrelMail vulnerable to cross-site scripting
Overview SquirrelMail contains a cross-site scripting vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Yosuk...
JVN#30881447: SquirrelMail vulnerable to cross-site request forgery
SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Impact A remote attacker may send an arbitrary email or change the settings...
JVN#09157962: SquirrelMail vulnerable to cross-site scripting
SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser...
Access Control Security Bypass Vulnerability in Interstage Application Server
Overview Interstage Application Server has an access control security bypass vulnerability which could allow an attacker to access and execute a request from the IP address that should be denied. Impact A remote attacker could access and execute a request from the IP address that should be denied...
Buffer Overflow Vulnerability in Hitachi Groupmax Related Products
Overview Hitachi Groupmax-related products have a buffer overflow vulnerability. Impact A remote attacker could cause a denial of service DoS condition on the target system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...