5625 matches found
JVN#65914253 Directory traversal vulnerability in multiple phpspot products
Multiple products BBS Software etc. provided by phpspot contain a directory traversal vulnerablility. Impact A remote attacker could view files on the server where the product is installed. This could lead to disclosure of contents. Solution Update the software Update to latest version according ...
XF-Section vulnerable to cross-site scripting
Overview XF-Section from Happy Linux contains a cross-site scripting vulnerability. XF-Secion from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Third-party cookie issue in Opera
Overview Opera contains an issue in which third-party cookies are not handled properly. Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the...
JVN#00425482 XF-Section vulnerable to cross-site scripting
XF-Secion from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use XF-Section Since the product is no longer being developed, users are...
JVN#39157969 Third-party cookie issue in Opera
Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera. Impact A remote attacker may be able to trace an user's...
GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products
Overview A vulnerability exists in multiple JP1 products that could allow an attacker to cause denial of service DoS condition due to error in processing GIF files. Impact A remote attacker could cause a denial of service DoS condition. Solution Please refer to the 'Vendor Information' section fo...
Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP
Overview Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities that could allow an attacker to execute arbitrary commands. Impact A remote attacker could execute arbitrary commands. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyakuv41 from Webservice-DIC contains a command injection vulnerability. yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Keigo Yamazaki of LAC Co.,...
JVN#05857667 Webservice-DIC yoyaku_v41 vulnerable to command injection
yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Impact An arbitrary command could be executed with the privilege of the server where yoyakuv41 runs. Solution...
Buffer overflow vulnerability in Microsoft Windows
Overview Microsoft Windows contains a buffer overflow vulnerability. Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files. The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary...
JVN#62211338 Buffer overflow vulnerability in Microsoft Windows
Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files. Impact If a user opens a specially crafted file, an attacker may execute arbitrary code. Solution Update the software Apply the update according to the information...
JVN#57040664 ATOK screen lock bypass vulnerability
ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass vulnerability. Impact An attacker could execute arbitrary code or program with the privileges ...
Issue of Access Control Failure in Hitachi Device Manager Server
Overview Hitachi Device Manager servers contain a vulnerability in which access control settings would be rendered invalid in the following cases: - IPv6 format is used for communications between a Hitachi Device Manager server and its clients. - Access controls for Hitachi Device Manager clients...
Issue of Access Control Failure in Groupmax Scheduler Server
Overview Groupmax Scheduler Server contains a vulnerability in which access privilege settings can be rendered invalid. Impact An unauthorized user may gain access to the Groupmax Scheduler Server. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
Overview bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. bingo!CMS core and bingo!CMS are content management systems CMS. bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC...
JVN#68640473 bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
bingo!CMS core and bingo!CMS are content management systems CMS. bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged into the CMS, an attacker could modify configurations or modify contents managed by CMS...
Site Calendar 'mycaljp' vulnerable to cross-site scripting
Overview Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. The affected plugin is also contained...
Hitachi Business Logic Cross-Site Scripting Vulnerability
Overview Hitachi Business Logic is vulnerable to cross-site scripting. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
SugarCRM vulnerable to SQL injection
Overview SugarCRM contains a SQL injection vulnerability. SugarCRM is a customer relationship management CRM software. SugarCRM contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#31035930 SugarCRM vulnerable to SQL injection
SugarCRM is a customer relationship management CRM software. SugarCRM contains a SQL injection vulnerability. Impact As a result of SQL injection, contents within the database can be compromised. Solution Update the Software Update to the latest version according to the information provided by th...
JVN#20478978 Site Calendar 'mycaljp' vulnerable to cross-site scripting
Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...
ColdFusion vulnerable to cross-site scripting
Overview ColdFusion provided by Adobe contains a cross-site scripting vulnerability. ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Project VEX of UBsecure...
JVN#21388501 ColdFusion vulnerable to cross-site scripting
ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the...
Cross-site request forgery vulnerability in FreeNAS
Overview FreeNAS contains a cross-site request forgery vulnerability. FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site request forgery vulnerability. Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA. JPCERT/CC...
Cross-site scripting vulnerability in FreeNAS
Overview FreeNAS contains a cross-site scripting vulnerability. FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site scripting vulnerability. Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#15267895 Cross-site request forgery vulnerability in FreeNAS
FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged into the web-based interface, an attacker could modify configurations or delete data on the hard disk drive. Solution...
JVN#89791790 Cross-site scripting vulnerability in FreeNAS
FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyakuv41 from Webservice-DIC contains a command injection vulnerability. yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with t...
JVN#80436657 Webservice-DIC yoyaku_v41 vulnerable to command injection
yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Impact An arbitrary command could be executed with the privilege of the server where yoyakuv41 runs. Solution Update the Software Update to the latest version...
MySQL Connector/J vulnerable to SQL injection
Overview MySQL Connector/J from Sun Microsystems contains a SQL injection vulnerability. MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Masakazu Ikeda...
JVN#59748723 MySQL Connector/J vulnerable to SQL injection
MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Impact A remote attacker could obtain and modify contents in the database. Solution Update the Software...
Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
Overview RevoCounter CGI Animation Counter from futomi's CGI Cafe contains a cross-site scripting vulnerability. RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting...
JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Softwar...
shiromuku(fs6)DIARY cross-site scripting vulnerability
Overview shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku contains a cross-site scripting vulnerability. shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromukufs6DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the...
Hitachi Web Server Vulnerability in SSL Client Authentication
Overview Hitachi Web Server contains a vulnerability in handling SSL client certificates, which could allow an attacker to manipulate environment variables and/or spoof the client to access Web servers. Impact An attacker could manipulate environment variables and/or spoof the client to access We...
Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability
Overview Hitachi Web Server contains a vulnerability that could lead to a denial of service DoS condition when using it as a reverse proxy due to excessive memory usage. Impact The server could fall into a denial of service DoS state when continuously receiving fraudulent responses from backend W...
JVN#31110006 shiromuku(fs6)DIARY cross-site scripting vulnerability
shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromukufs6DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Zip File Scanning Utility
Overview Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability that allows unauthorized access through a zip file scanning API. Impact Unauthorized access may be done when loading and scanning an external zip file. Solution Please refer to the 'Vendor...
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process
Overview Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access. Impact Unauthorized access may be done exploiting a deficiency in encodin...
PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
Overview PHP-I-BOARD from Let's PHP! contains a directory traversal vulnerability. PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting
Overview PHP-I-BOARD from Let's PHP! contains a cross-site scripting vulnerability. PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Tree BBS from Let's PHP! vulnerable to cross-site scripting
Overview Tree BBS from Let's PHP! contains a cross-site scripting vulnerability. Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC...
Movable Type access restriction bypass vulnerability
Overview Movable Type contains an access restriction bypass vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. A successful attack requires mt-wizard.cgi not to be deleted after initial setup. For...
Movable Type cross-site scripting vulnerability
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. A successful attack requires mt-wizard.cgi not to be...
JVN#93827000 Tree BBS from Let's PHP! vulnerable to cross-site scripting
Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by t...
JVN#20219071 PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting
PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#32788272 PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#86472161 Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
JVN#08369659 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. Impact A remote attacker may send unsolicited email to arbitrary addresses or view information stored in Movable Type. Solution Update the Software Update to the...
Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac
Overview PukiWikiMod from XOOPS Maniac contains a cross-site scripting vulnerability. PukiWikiMod from XOOPS Maniac is a contents management software for XOOPS. PukiWikiMod contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solutio...