5609 matches found
SEIL Series routers vulnerable to buffer overflow
Overview SEIL Series routers contain a buffer overflow vulnerability. The PPP Access Concentrator (PPPAC) contained in SEIL Series routers contains a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. According to the developer, all...
JVN#88991166: SEIL Series routers vulnerable to buffer overflow
The PPP Access Concentrator (PPPAC) contained in SEIL Series routers contains a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. According to the developer, all versions of SEIL/86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 proce...
Lunascape may insecurely load executable files
Overview Lunascape may use unsafe methods for determining how to load executables (.exe). Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki...
JVN#38362957: Lunascape may insecurely load executable files
Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Upda...
F-Secure Internet Gatekeeper for Linux authentication issue
Overview F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation contains an issue where authentication is not present. F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation is an anti-virus product. F-Secure Internet Gatekeeper for Linux contains an issue where...
JVN#71542734: F-Secure Internet Gatekeeper for Linux authentication issue
F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation is an anti-virus product. F-Secure Internet Gatekeeper for Linux contains an issue where authentication is not present. Impact A remote attacker may view access logs that are stored by the product. Solution Update the firmwar...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilitie...
Opera may insecurely load executable files
Overview Opera may use unsafe methods for determining how to load executables (.exe). Opera loads certain executables (.exe) when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reporte...
JVN#33880169: Opera may insecurely load executable files
Opera loads certain executables (.exe) when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...
JVN#84393059: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...
MODx Evolution vulnerable to directory traversal
Overview MODx Evolution contains a directory traversal vulnerability. MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update th...
MODx Evolution vulnerable to SQL injection
Overview MODx Evolution contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx Evolution contains a SQL injection vulnerability. Impact A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution...
JVN#54092716: MODx Evolution vulnerable to SQL injection
MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx Evolution contains a SQL injection vulnerability. Impact A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution Update the software Update to the latest version according to the...
JVN#95385972: MODx Evolution vulnerable to directory traversal
MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update the software Update to the latest version according to the information...
Lunascape may insecurely load dynamic libraries
Overview Lunascape may use unsafe methods for determining how to load DLLs. Lunascape is a web browser. Lunascape loads certain DLLs when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported...
Cisco Linksys WRT54GC vulnerable to buffer overflow
Overview Cisco Linksys WRT54GC provided by Cisco Systems contains a buffer overflow vulnerability. Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this...
JVN#26605630: Cisco Linksys WRT54GC vulnerable to buffer overflow
Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability. Impact When processing a specially crafted HTTP request, the router may crash resulting in a denial-of-service (DoS). Solution Update the software Update to the lates...
JVN#94695018: Lunascape may insecurely load dynamic libraries
Lunascape is a web browser. Lunascape loads certain DLLs when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution...
Cross-site scripting vulnerability in multiple Rocomotion products
Overview Multiple products provided by Rocomotion contain a cross-site scripting vulnerability. Multiple products (P board etc.) provided by Rocomotion contain a cross-site scripting vulnerability. Saeki Tominaga of KINOTROPE INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Ruby Version Manager escape sequence injection vulnerability
Overview Ruby Version Manager contains an escape sequence injection vulnerability. Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As...
JVN#30414126: Ruby Version Manager escape sequence injection vulnerability
Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As a result, the string that is output on the terminal may contain an arbitrary escap...
JVN#09115481: Cross-site scripting vulnerability in multiple Rocomotion products
Multiple products (P board etc.) provided by Rocomotion contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. This issue h...
Aipo vulnerable to SQL injection
Overview Aipo contains a SQL injection vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution...
SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
Overview SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA...
Contents-Mall vulnerability in password handling
Overview Contents-Mall contains a vulnerability in the way it handles passwords. Contents-Mall is a shopping cart software for digital contents. Contents-Mall contains a vulnerability in the way it handles passwords. Impact The administrative password may be disclosed. As a result, information...
JVN#86347943: SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provid...
JVN#50704770: Aipo vulnerable to SQL injection
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution Update the Software Update to the latest version...
JVN#53293565: Contents-Mall vulnerability in password handling
Contents-Mall is a shopping cart software for digital contents. Contents-Mall contains a vulnerability in the way it handles passwords. Impact The administrative password may be disclosed. As a result, information stored by the software may be viewed or altered. Solution Update the software Update...
SquirrelMail vulnerable to cross-site request forgery
Overview SquirrelMail contains a cross-site request forgery vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Daiki...
SquirrelMail vulnerable to cross-site scripting
Overview SquirrelMail contains a cross-site scripting vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Yosuk...
JVN#30881447: SquirrelMail vulnerable to cross-site request forgery
SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Impact A remote attacker may send an arbitrary email or change the settings...
JVN#09157962: SquirrelMail vulnerable to cross-site scripting
SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser...
Access Control Security Bypass Vulnerability in Interstage Application Server
Overview Interstage Application Server has an access control security bypass vulnerability which could allow an attacker to access and execute a request from the IP address that should be denied. Impact A remote attacker could access and execute a request from the IP address that should be denied...
Buffer Overflow Vulnerability in Hitachi Groupmax Related Products
Overview Hitachi Groupmax-related products have a buffer overflow vulnerability. Impact A remote attacker could cause a denial of service (DoS) condition on the target system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
AttacheCase may insecurely load executable files
Overview AttacheCase may use unsafe methods for determining how to load executables (.exe). AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables (.exe) when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search pat...
JVN#02175694: AttacheCase may insecurely load executable files
AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables (.exe) when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code wi...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Fo...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined. Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. For more information, refer to the information...
JVN#30273074: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Produc...
JVN#21120853: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by...
JVN#33301529: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft...
JVN#62275332: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Products Affected Internet...
EUR Form Client Arbitrary File Execution Vulnerability
Overview EUR Form Client has an arbitrary file execution vulnerability. Impact A remote attacker could execute an arbitrary file on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Interstage Application Server Information Disclosure Vulnerability
Overview Interstage Application Server has an information disclosure vulnerability when used in a J2EE environment. Impact By taking the specific steps, a remote attacker could access the files and directories in the server to which J2EE applications are deployed, and the confidential information...
Movable Type vulnerable to SQL injection
Overview Movable Type contains a SQL injection vulnerability. Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
Vulnerability in Epson printer driver installer where access permissions are changed
Overview A vulnerability in printer driver installers provided by Epson causes access permissions to a certain folder on the system to be changed. When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files (C:\Program Files) are changed. A...
JVN#78536512: Movable Type vulnerable to SQL injection
Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...