Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/20 8:40 a.m.•5 views

Lhaplus may insecurely load executable files

Overview Lhaplus may use unsafe methods for determining how to load executables .exe. Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables .exe when extracting files. Lhaplus contains an issue with the file search path, which may...

6.9CVSS7.5AI score0.00295EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/20 12:0 a.m.•34 views

JVN#85599999: Explzh may insecurely load executable files

Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privile...

6.9CVSS7.2AI score0.00365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/20 12:0 a.m.•38 views

JVN#68536660: Archive Decoder may insecurely load executable files

Archive Decoder is a file extraction software that supports multiple file formats. Archive Decoder loads certain executables .exe when extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary cod...

6.9CVSS7.2AI score0.00283EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/18 10:37 a.m.•3 views

Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server

Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains a cross-site request forgery vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Yoshihiro...

5.8CVSS6.5AI score0.02371EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/18 10:36 a.m.•5 views

Lhasa may insecurely load executable files

Overview Lhasa may use unsafe methods for determining how to load executables .exe. Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load...

6.9CVSS7.5AI score0.00283EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/18 10:36 a.m.•4 views

Lhaplus may insecurely load dynamic libraries

Overview Lhaplus may use unsafe methods for determining how to load DLLs. Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely...

6.9CVSS7.5AI score0.00295EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/18 12:0 a.m.•42 views

JVN#50133036: Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server

Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into the Oracle iPlanet Web Server management console, an arbitrary instance may be...

5.8CVSS5.9AI score0.02371EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/15 12:0 a.m.•52 views

JVN#36921800: K2Editor may insecurely load executable files

K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privileg...

6.9CVSS7.2AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/15 12:0 a.m.•34 views

JVN#18774708: Lhaplus may insecurely load executable files

Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables .exe when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...

6.9CVSS7.1AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/15 12:0 a.m.•26 views

JVN#04665167: XacRett may insecurely load executable files

XacRett is a file extraction software that supports many file formats. XacRett loads certain executables .exe when extracting files. XacRett contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of...

9.3CVSS7.2AI score0.02218EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/13 7:58 a.m.•2 views

Multiple Vulnerabilities in Groupmax Scheduler Server

Overview A denial of service DoS or arbitrary file manipulation vulnerability has been reported in multiple Hitachi products. Impact A remote attacker could cause a denial of service DoS condition or manipulate arbitrary files. Solution Please refer to the 'Vendor Information' section for the...

8.5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/13 7:58 a.m.•3 views

Phishing Vulnerability in Accela BizSearch Document View Window

Overview The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to: display a fraudulent web page over a legitimate web page steal cookies stored in browser place arbitrary cookies into browser Impact A remote attacker could...

5.8CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/12 12:0 a.m.•35 views

JVN#88850043: Lhasa may insecurely load executable files

Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running...

6.9CVSS7.1AI score0.00283EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/12 12:0 a.m.•24 views

JVN#82752978: Lhaplus may insecurely load dynamic libraries

Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with...

6.9CVSS7.2AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/05 10:31 a.m.•2 views

AD-EDIT2 vulnerable to cross-site scripting

Overview AD-EDIT2 contains a cross-site scripting vulnerability. AD-EDIT2 is a Contents Management System CMS software. AD-EDIT2 contains a cross-site scripting vulnerability. Seiei Higa of IT College Okinawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6.1AI score0.01042EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/05 12:0 a.m.•26 views

JVN#69191943: AD-EDIT2 vulnerable to cross-site scripting

AD-EDIT2 is a Contents Management System CMS software. AD-EDIT2 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...

4.3CVSS5.9AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/21 5:10 a.m.•4 views

JP1/NETM/Remote Control Agent Authentication Bypass Vulnerability

Overview A vulnerability in the file transfer feature in the JP1/NETM/Remote Control Agent may allow authentication bypass. Impact A remote attacker could manipulate arbitrary files on the system installed with the Remote Control Agent. Solution ease refer to the 'Vendor Information' section for...

6.4CVSS7.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/15 4:46 a.m.•2 views

Denial of Service (DoS) Vulnerability in JP1/Desktop Navigation Built-in Database

Overview When JP1/Desktop Navigation used in a cluster environment receives unexpected data, the built-in database process and unit abend, which may cause the management server service to fall into a denial of service DoS condition. Impact A remote attacker could cause a denial of service DoS...

7.8CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/15 4:45 a.m.•3 views

Denial of Service (DoS) Vulnerability in Hitachi Storage Command Suite Built-in Database

Overview A built-in database in Hitachi Storage Command Suite HSCS abends upon receiving maliciously-crafted data intended to exploit its denial of service DoS vulnerability. As a result, HSCS may become not operational or shutdown, for example, making operations from the screen and access to the...

7.8CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/10 8:25 a.m.•3 views

Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe

Overview Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI...

4.3CVSS6.2AI score0.01053EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/10 12:0 a.m.•26 views

JVN#35605523: Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe

Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Impact An arbitrary script may be executed on the user...

4.3CVSS6.1AI score0.01053EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:12 a.m.•2 views

Denial of Service (DoS) Vulnerability in JP1/NETM

Overview A Built-in database in JP1/NETM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be restarted by rebooting JP1/IM. Impact A remote...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:12 a.m.•2 views

Denial of Service (DoS) Vulnerability in JP1/Integrated Manager and JP1/Integrated Management

Overview A Built-in database in JP1/Integrated Manager and JP1/Integrated Management JP1/IM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:12 a.m.•3 views

Denial of Service (DoS) Vulnerability in JP1/PAM

Overview A Built-in database in JP1/Performance Analysis - Manager and JP1/Performance Management - Analysis Manager JP1/PAM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:11 a.m.•4 views

Denial of Service (DoS) Vulnerability in JP1/AJS Built-in Database

Overview A Built-in database used by JP1/Automatic Job Management System 3 JP1/AJS3 - Manager and JP1/Automatic Job Management System 2 JP1/AJS2 - Manager contains a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. As a result, Job operations of...

5CVSS7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:11 a.m.•2 views

Denial of Service (DoS) Vulnerability in JP1/ServerConductor/Control Manager

Overview A built-in database in JP1/ServerConductor/Control Manager contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be restarted by rebooting th...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:11 a.m.•2 views

Denial of Service (DoS) Vulnerability in Cosminexus

Overview Cosminexus series products contain a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. After it abends, the service can be restarted by rebooting the system. Impact A remote attacker could cause a denial of service DoS condition. Solution...

7.8CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/31 5:16 a.m.•3 views

moobbs2 vulnerable to cross-site scripting

Overview moobbs2 contains a cross-site scripting vulnerability. moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5CVSS6.1AI score0.01033EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/31 5:16 a.m.•1 views

moobbs vulnerable to cross-site scripting

Overview moobbs contains a cross-site scripting vulnerability. moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5CVSS6.1AI score0.01033EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/31 12:0 a.m.•28 views

JVN#24423311: moobbs vulnerable to cross-site scripting

moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/31 12:0 a.m.•30 views

JVN#75101998: moobbs2 vulnerable to cross-site scripting

moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/25 4:54 a.m.•2 views

SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability

Overview SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does not properly function in strict mode. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does...

5.8CVSS6.8AI score0.01864EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/25 12:0 a.m.•28 views

JVN#12683004: SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability

SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does not properly function in strict mode. Impact Packets that should be discarded, such as when an IP address is spoofed, may be transferred without being...

5.8CVSS6.4AI score0.01864EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 8:18 a.m.•1 views

Winny vulnerable to buffer overflow

Overview Winny contains a buffer overflow vulnerability. Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Moti Joseph and Kobi Pariente reported this vulnerability to JPCERT/CC. JPCERT/CC...

7.5CVSS7.5AI score0.03372EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 8:18 a.m.•2 views

Winny vulnerable to buffer overflow

Overview Winny contains a buffer overflow vulnerability. Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Makoto Iwamura of NTT Information Sharing Platform Laboratories reported this...

7.5CVSS7.5AI score0.03372EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 8:17 a.m.•2 views

Winny node information processing vulnerability

Overview Winny contains a vulnerability in the processing of node information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Fuyumasa Takatsu of University of...

10CVSS6.7AI score0.01446EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 8:17 a.m.•3 views

Winny BBS information processing vulnerability

Overview Winny contains a vulnerability in the processing of BBS information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Yuji Ukai of eEye Digital Security...

10CVSS6.7AI score0.01446EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 12:0 a.m.•36 views

JVN#25393522: Winny node information processing vulnerability

Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use o...

10CVSS6.5AI score0.01446EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 12:0 a.m.•40 views

JVN#91740962: Winny vulnerable to buffer overflow

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...

7.5CVSS7.2AI score0.03372EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 12:0 a.m.•28 views

JVN#54336184: Winny BBS information processing vulnerability

Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use of...

10CVSS6.5AI score0.01446EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 12:0 a.m.•23 views

JVN#21471805: Winny vulnerable to buffer overflow

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...

7.5CVSS7.2AI score0.03372EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/13 9:44 a.m.•2 views

Microsoft Windows denial of service (DoS) vulnerability

Overview Microsoft Windows contains a denial of service DoS vulnerability. Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Darren Willis of Fourteenforty Research Institute Inc. reported this vulnerability to IPA. JPCERT/CC...

7.8CVSS6.6AI score0.61997EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/13 12:0 a.m.•59 views

JVN#86832361 Microsoft Windows denial of service (DoS) vulnerability

Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Impact A remote attacker could possibly cause a denial of service DoS by sending specially crafted IPv6 packets. Solution Update the software Update to the latest version...

7.8CVSS6.3AI score0.61997EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/10 3:14 a.m.•0 views

Arbitrary Code Execution Vulnerability in JP1/Cm2/Network Node Manager

Overview JP1/Cm2/Network Node Manager contains a vulnerability that could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...

10CVSS7.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/10 3:13 a.m.•2 views

Denial of Service (DoS) Vulnerability in HiRDB

Overview HiRDB contains a vulnerability that could cause a denial of service DoS condition. The vulnerability is due to the HiRDB process and unit abending when the HiRDB process receives unexpected data. After the HiRDB unit abends, the service can be restarted by rebooting HiRDB. Impact A remot...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/07/28 9:14 a.m.•1 views

Internet Navigware Server Information Disclosure Vulnerability

Overview Internet Navigware Server is vulnerable to information disclosure or data tampering. Impact A remote attacker could disclose or alter information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.5CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/29 6:35 a.m.•1 views

Forced Shutdown or Restart with JP1/ServerConductor/Deployment Manager

Overview JP1/ServerConductor/Deployment Manager's Client Service for DPM has a vulnerability which could cause a shutdown or restart of the client computer when receiving ill-formed data. Impact A remote attacker could shut down or restart the target system. Solution Please refer to the 'Vendor...

7.8CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/22 7:37 a.m.•2 views

Explzh buffer overflow vulnerability

Overview Explzh contains a buffer overflow vulnerability. Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Note that versions of Explzh that contain "Arcext.dll" version 2.16...

9.3CVSS7.7AI score0.05359EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/22 2:24 a.m.•2 views

Cross-Site Scripting Vulnerability in Interstage Portalworks and Interstage Interaction Manager Portal Function

Overview The portal function of Interstage Portalworks and Interstage Interaction Manager is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected browser. Solution Please refer to the 'Vendor Information' section for the official...

5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/22 2:23 a.m.•1 views

Groupmax World Wide Web Desktop Cross-Site Scripting Vulnerability

Overview Groupmax World Wide Web Desktop is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5CVSS6.9AI score
Exploits0References2
Total number of security vulnerabilities5625