Site Calendar 'mycaljp' vulnerable to cross-site scripting
Overview Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. The affected plugin is also contained...
Hitachi Business Logic Cross-Site Scripting Vulnerability
Overview Hitachi Business Logic is vulnerable to cross-site scripting. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
SugarCRM vulnerable to SQL injection
Overview SugarCRM contains a SQL injection vulnerability. SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#31035930 SugarCRM vulnerable to SQL injection
SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability. Impact As a result of SQL injection, contents within the database can be compromised. Solution Update the Software Update to the latest version according to the information provided by th...
JVN#20478978 Site Calendar 'mycaljp' vulnerable to cross-site scripting
Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...
ColdFusion vulnerable to cross-site scripting
Overview ColdFusion provided by Adobe contains a cross-site scripting vulnerability. ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Project VEX of UBsecure...
JVN#21388501 ColdFusion vulnerable to cross-site scripting
ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the...
Cross-site request forgery vulnerability in FreeNAS
Overview FreeNAS contains a cross-site request forgery vulnerability. FreeNAS is a NAS (Network Attached Storage) server software. FreeNAS contains a cross-site request forgery vulnerability. Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA. JPCERT/CC...
Cross-site scripting vulnerability in FreeNAS
Overview FreeNAS contains a cross-site scripting vulnerability. FreeNAS is a NAS (Network Attached Storage) server software. FreeNAS contains a cross-site scripting vulnerability. Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#89791790 Cross-site scripting vulnerability in FreeNAS
FreeNAS is a NAS (Network Attached Storage) server software. FreeNAS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#15267895 Cross-site request forgery vulnerability in FreeNAS
FreeNAS is a NAS (Network Attached Storage) server software. FreeNAS contains a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged into the web-based interface, an attacker could modify configurations or delete data on the hard disk drive. Solution...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyaku_v41 from Webservice-DIC contains a command injection vulnerability. yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with t...
JVN#80436657 Webservice-DIC yoyaku_v41 vulnerable to command injection
yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability. Impact An arbitrary command could be executed with the privilege of the server where yoyaku_v41 runs. Solution Update the Software Update to the latest version...
MySQL Connector/J vulnerable to SQL injection
Overview MySQL Connector/J from Sun Microsystems contains a SQL injection vulnerability. MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Masakazu Ikeda...
JVN#59748723 MySQL Connector/J vulnerable to SQL injection
MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Impact A remote attacker could obtain and modify contents in the database. Solution Update the Software...
Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
Overview RevoCounter CGI (Animation Counter) from futomi's CGI Cafe contains a cross-site scripting vulnerability. RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting...
JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Softwar...
shiromuku(fs6)DIARY cross-site scripting vulnerability
Overview shiromuku(fs6)DIARY from Perl CGI's By Mrs. Shiromuku contains a cross-site scripting vulnerability. shiromuku(fs6)DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromuku(fs6)DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the...
Hitachi Web Server Vulnerability in SSL Client Authentication
Overview Hitachi Web Server contains a vulnerability in handling SSL client certificates, which could allow an attacker to manipulate environment variables and/or spoof the client to access Web servers. Impact An attacker could manipulate environment variables and/or spoof the client to access We...
Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability
Overview Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage. Impact The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend W...
JVN#31110006 shiromuku(fs6)DIARY cross-site scripting vulnerability
shiromuku(fs6)DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromuku(fs6)DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Zip File Scanning Utility
Overview Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability that allows unauthorized access through a zip file scanning API. Impact Unauthorized access may be done when loading and scanning an external zip file. Solution Please refer to the 'Vendor...
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process
Overview Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access. Impact Unauthorized access may be done exploiting a deficiency in encodin...
PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
Overview PHP-I-BOARD from Let's PHP! contains a directory traversal vulnerability. PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting
Overview PHP-I-BOARD from Let's PHP! contains a cross-site scripting vulnerability. PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Tree BBS from Let's PHP! vulnerable to cross-site scripting
Overview Tree BBS from Let's PHP! contains a cross-site scripting vulnerability. Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC...
Movable Type access restriction bypass vulnerability
Overview Movable Type contains an access restriction bypass vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. A successful attack requires mt-wizard.cgi not to be deleted after initial setup. For...
Movable Type cross-site scripting vulnerability
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. A successful attack requires mt-wizard.cgi not to be...
JVN#32788272 PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#93827000 Tree BBS from Let's PHP! vulnerable to cross-site scripting
Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by t...
JVN#20219071 PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting
PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#86472161 Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
JVN#08369659 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. Impact A remote attacker may send unsolicited email to arbitrary addresses or view information stored in Movable Type. Solution Update the Software Update to the...
Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac
Overview PukiWikiMod from XOOPS Maniac contains a cross-site scripting vulnerability. PukiWikiMod from XOOPS Maniac is a contents management software for XOOPS. PukiWikiMod contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solutio...
JVN#12244807 Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac
PukiWikiMod from XOOPS Maniac is a contents management software for XOOPS. PukiWikiMod contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to latest version according to the information provided b...
iPhone OS denial of service (DoS) vulnerability
Overview iPhone OS from Apple contains a denial of service (DoS) vulnerability. Masaki Yoshida reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership. Impact A remote attacker could possibly cause a denial of service (DoS) attack...
Buffer overflow vulnerability in Microsoft Works converters
Overview Microsoft Works converters contain a buffer overflow vulnerability. Microsoft Works converters contain a buffer overflow vulnerability when processing Works .wps files. The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for June 2009. For...
Cross-site scripting vulnerability in activeCollab
Overview activeCollab from A51 D.O.O. contains a cross-site scripting vulnerability. activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendo...
Apache Tomcat denial of service (DoS) vulnerability
Overview Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. If Tomcat receives a request with an invalid header via the...
Apache Tomcat information disclosure vulnerability
Overview Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow...
Predictable session ID vulnerability in Serene Bach
Overview Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session IDs. Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session IDs. Impact A remote...
JVN#87239696 iPhone OS denial of service (DoS) vulnerability
iPhone OS from Apple contains a denial of service (DoS) vulnerability. Impact A remote attacker could possibly cause a denial of service (DoS) attack by sending a specially crafted packet. Solution Update the software Update to latest version according to the information provided by Apple. Products...
JVN#70858401 Buffer overflow vulnerability in Microsoft Works converters
Microsoft Works converters contain a buffer overflow vulnerability when processing Works .wps files. Impact If a user opens a malicious Works file, an attacker may execute arbitrary code. Solution Update the software Update to latest version according to the information provided by Microsoft...
JVN#55752635 Cross-site scripting vulnerability in activeCollab
activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software According to the vendor, activeCollab 0.x is no longer being developed or...
JVN#87272440: Apache Tomcat denial of service (DoS) vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. If Tomcat receives a request with an invalid header via the Java AJP connector, it will not return an error and instead closes the AJP connection. In case this connecto...
JVN#63832775: Apache Tomcat information disclosure vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. Impact A remote attacker cou...
JVN#20689557 Predictable session ID vulnerability in Serene Bach
Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session IDs. Impact A remote attacker could impersonate an administrator of Serene Bach. As a result, an attacker could obtain or alter information stored ...
IMG-BBS from MT312 vulnerable to cross-site scripting
Overview IMG-BBS from MT312 contains a cross-site scripting vulnerability. IMG-BBS from MT312, is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability. Note that versions of IMG-BBS imgbbs.lzh that contain...
REP-BBS from MT312 vulnerable to cross-site scripting
Overview REP-BBS from MT312 contains a cross-site scripting vulnerability. REP-BBS from MT312, is a web log system that supports posting and viewing web logs from a mobile phone. REP-BBS contains a cross-site scripting vulnerability. Note that versions of REP-BBS repbbs.lzh that contain "model.ph...
Directory traversal vulnerability in multiple Cisco Systems products
Overview Multiple products provided by Cisco Systems contain a directory traversal vulnerability. Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services. Jun Okada of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA...