5625 matches found
Lhaplus may insecurely load executable files
Overview Lhaplus may use unsafe methods for determining how to load executables .exe. Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables .exe when extracting files. Lhaplus contains an issue with the file search path, which may...
JVN#85599999: Explzh may insecurely load executable files
Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privile...
JVN#68536660: Archive Decoder may insecurely load executable files
Archive Decoder is a file extraction software that supports multiple file formats. Archive Decoder loads certain executables .exe when extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary cod...
Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server
Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains a cross-site request forgery vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Yoshihiro...
Lhasa may insecurely load executable files
Overview Lhasa may use unsafe methods for determining how to load executables .exe. Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load...
Lhaplus may insecurely load dynamic libraries
Overview Lhaplus may use unsafe methods for determining how to load DLLs. Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely...
JVN#50133036: Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server
Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into the Oracle iPlanet Web Server management console, an arbitrary instance may be...
JVN#36921800: K2Editor may insecurely load executable files
K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privileg...
JVN#18774708: Lhaplus may insecurely load executable files
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables .exe when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...
JVN#04665167: XacRett may insecurely load executable files
XacRett is a file extraction software that supports many file formats. XacRett loads certain executables .exe when extracting files. XacRett contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of...
Multiple Vulnerabilities in Groupmax Scheduler Server
Overview A denial of service DoS or arbitrary file manipulation vulnerability has been reported in multiple Hitachi products. Impact A remote attacker could cause a denial of service DoS condition or manipulate arbitrary files. Solution Please refer to the 'Vendor Information' section for the...
Phishing Vulnerability in Accela BizSearch Document View Window
Overview The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to: display a fraudulent web page over a legitimate web page steal cookies stored in browser place arbitrary cookies into browser Impact A remote attacker could...
JVN#88850043: Lhasa may insecurely load executable files
Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running...
JVN#82752978: Lhaplus may insecurely load dynamic libraries
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with...
AD-EDIT2 vulnerable to cross-site scripting
Overview AD-EDIT2 contains a cross-site scripting vulnerability. AD-EDIT2 is a Contents Management System CMS software. AD-EDIT2 contains a cross-site scripting vulnerability. Seiei Higa of IT College Okinawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#69191943: AD-EDIT2 vulnerable to cross-site scripting
AD-EDIT2 is a Contents Management System CMS software. AD-EDIT2 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...
JP1/NETM/Remote Control Agent Authentication Bypass Vulnerability
Overview A vulnerability in the file transfer feature in the JP1/NETM/Remote Control Agent may allow authentication bypass. Impact A remote attacker could manipulate arbitrary files on the system installed with the Remote Control Agent. Solution ease refer to the 'Vendor Information' section for...
Denial of Service (DoS) Vulnerability in JP1/Desktop Navigation Built-in Database
Overview When JP1/Desktop Navigation used in a cluster environment receives unexpected data, the built-in database process and unit abend, which may cause the management server service to fall into a denial of service DoS condition. Impact A remote attacker could cause a denial of service DoS...
Denial of Service (DoS) Vulnerability in Hitachi Storage Command Suite Built-in Database
Overview A built-in database in Hitachi Storage Command Suite HSCS abends upon receiving maliciously-crafted data intended to exploit its denial of service DoS vulnerability. As a result, HSCS may become not operational or shutdown, for example, making operations from the screen and access to the...
Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Overview Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI...
JVN#35605523: Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Impact An arbitrary script may be executed on the user...
Denial of Service (DoS) Vulnerability in JP1/NETM
Overview A Built-in database in JP1/NETM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be restarted by rebooting JP1/IM. Impact A remote...
Denial of Service (DoS) Vulnerability in JP1/Integrated Manager and JP1/Integrated Management
Overview A Built-in database in JP1/Integrated Manager and JP1/Integrated Management JP1/IM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be...
Denial of Service (DoS) Vulnerability in JP1/PAM
Overview A Built-in database in JP1/Performance Analysis - Manager and JP1/Performance Management - Analysis Manager JP1/PAM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the...
Denial of Service (DoS) Vulnerability in JP1/AJS Built-in Database
Overview A Built-in database used by JP1/Automatic Job Management System 3 JP1/AJS3 - Manager and JP1/Automatic Job Management System 2 JP1/AJS2 - Manager contains a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. As a result, Job operations of...
Denial of Service (DoS) Vulnerability in JP1/ServerConductor/Control Manager
Overview A built-in database in JP1/ServerConductor/Control Manager contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be restarted by rebooting th...
Denial of Service (DoS) Vulnerability in Cosminexus
Overview Cosminexus series products contain a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. After it abends, the service can be restarted by rebooting the system. Impact A remote attacker could cause a denial of service DoS condition. Solution...
moobbs2 vulnerable to cross-site scripting
Overview moobbs2 contains a cross-site scripting vulnerability. moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
moobbs vulnerable to cross-site scripting
Overview moobbs contains a cross-site scripting vulnerability. moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#24423311: moobbs vulnerable to cross-site scripting
moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
JVN#75101998: moobbs2 vulnerable to cross-site scripting
moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...
SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability
Overview SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does not properly function in strict mode. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does...
JVN#12683004: SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does not properly function in strict mode. Impact Packets that should be discarded, such as when an IP address is spoofed, may be transferred without being...
Winny vulnerable to buffer overflow
Overview Winny contains a buffer overflow vulnerability. Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Moti Joseph and Kobi Pariente reported this vulnerability to JPCERT/CC. JPCERT/CC...
Winny vulnerable to buffer overflow
Overview Winny contains a buffer overflow vulnerability. Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Makoto Iwamura of NTT Information Sharing Platform Laboratories reported this...
Winny node information processing vulnerability
Overview Winny contains a vulnerability in the processing of node information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Fuyumasa Takatsu of University of...
Winny BBS information processing vulnerability
Overview Winny contains a vulnerability in the processing of BBS information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Yuji Ukai of eEye Digital Security...
JVN#25393522: Winny node information processing vulnerability
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use o...
JVN#91740962: Winny vulnerable to buffer overflow
Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...
JVN#54336184: Winny BBS information processing vulnerability
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use of...
JVN#21471805: Winny vulnerable to buffer overflow
Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...
Microsoft Windows denial of service (DoS) vulnerability
Overview Microsoft Windows contains a denial of service DoS vulnerability. Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Darren Willis of Fourteenforty Research Institute Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#86832361 Microsoft Windows denial of service (DoS) vulnerability
Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Impact A remote attacker could possibly cause a denial of service DoS by sending specially crafted IPv6 packets. Solution Update the software Update to the latest version...
Arbitrary Code Execution Vulnerability in JP1/Cm2/Network Node Manager
Overview JP1/Cm2/Network Node Manager contains a vulnerability that could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...
Denial of Service (DoS) Vulnerability in HiRDB
Overview HiRDB contains a vulnerability that could cause a denial of service DoS condition. The vulnerability is due to the HiRDB process and unit abending when the HiRDB process receives unexpected data. After the HiRDB unit abends, the service can be restarted by rebooting HiRDB. Impact A remot...
Internet Navigware Server Information Disclosure Vulnerability
Overview Internet Navigware Server is vulnerable to information disclosure or data tampering. Impact A remote attacker could disclose or alter information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Forced Shutdown or Restart with JP1/ServerConductor/Deployment Manager
Overview JP1/ServerConductor/Deployment Manager's Client Service for DPM has a vulnerability which could cause a shutdown or restart of the client computer when receiving ill-formed data. Impact A remote attacker could shut down or restart the target system. Solution Please refer to the 'Vendor...
Explzh buffer overflow vulnerability
Overview Explzh contains a buffer overflow vulnerability. Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Note that versions of Explzh that contain "Arcext.dll" version 2.16...
Cross-Site Scripting Vulnerability in Interstage Portalworks and Interstage Interaction Manager Portal Function
Overview The portal function of Interstage Portalworks and Interstage Interaction Manager is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected browser. Solution Please refer to the 'Vendor Information' section for the official...
Groupmax World Wide Web Desktop Cross-Site Scripting Vulnerability
Overview Groupmax World Wide Web Desktop is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...