5625 matches found
JVN#12244807 Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac
PukiWikiMod from XOOPS Maniac is a contents management software for XOOPS. PukiWikiMod contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to latest version according to the information provided b...
iPhone OS denial of service (DoS) vulnerability
Overview iPhone OS from Apple contains a denial of service DoS vulnerability. Masaki Yoshida reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership. Impact A remote attacker could possibly cause a denial of service DoS attack...
Buffer overflow vulnerability in Microsoft Works converters
Overview Microsoft Works converters contain a buffer overflow vulnerability. Microsoft Works converters contain a buffer overflow vulnerability when processing Works .wps files. The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for June 2009. For...
Cross-site scripting vulnerability in activeCollab
Overview activeCollab from A51 D.O.O. contains a cross-site scripting vulnerability. activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendo...
Apache Tomcat denial of service (DoS) vulnerability
Overview Apache Tomcat from The Apache Software Foundation contains a denial of service DoS vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. If Tomcat receives a request with an invalid header via the...
Apache Tomcat information disclosure vulnerability
Overview Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow...
Predictable session ID vulnerability in Serene Bach
Overview Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session ID's. Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID's. Impact A remote...
JVN#87239696 iPhone OS denial of service (DoS) vulnerability
iPhone OS from Apple contains a denial of service DoS vulnerability. Impact A remote attacker could possibly cause a denial of service DoS attack by sending a specially crafted packet. Solution Update the software Update to latest version according to the information provided by Apple. Products...
JVN#70858401 Buffer overflow vulnerability in Microsoft Works converters
Microsoft Works converters contain a buffer overflow vulnerability when processing Works .wps files. Impact If a user opens a malicious Works file, an attacker may execute arbitrary code. Solution Update the software Update to latest version according to the information provided by Microsoft...
JVN#55752635 Cross-site scripting vulnerability in activeCollab
activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software According to the vendor, activeCollab 0.x is no longer being developed or...
JVN#87272440: Apache Tomcat denial of service (DoS) vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. If Tomcat receives a request with an invalid header via the Java AJP connector, it will not return an error and instead closes the AJP connection. In case this connecto...
JVN#63832775: Apache Tomcat information disclosure vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. Impact A remote attacker cou...
JVN#20689557 Predictable session ID vulnerability in Serene Bach
Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID's. Impact A remote attacker could impersonate an administrator of Serene Bach. As a result, an attacker could obtain or alter information stored ...
IMG-BBS from MT312 vulnerable to cross-site scripting
Overview IMG-BBS from MT312 contains a cross-site scripting vulnerability. IMG-BBS from MT312, is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability. Note that versions of IMG-BBS imgbbs.lzh that contain...
REP-BBS from MT312 vulnerable to cross-site scripting
Overview REP-BBS from MT312 contains a cross-site scripting vulnerability. REP-BBS from MT312, is a web log system that supports posting and viewing web logs from a mobile phone. REP-BBS contains a cross-site scripting vulnerability. Note that versions of REP-BBS repbbs.lzh that contain "model.ph...
Directory traversal vulnerability in multiple Cisco Systems products
Overview Multiple products provided by Cisco Systems contain a directory traversal vulnerablility. Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services. Jun Okada of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA...
JVN#01115659 REP-BBS from MT312 vulnerable to cross-site scripting
REP-BBS from MT312, is a web log system that supports posting and viewing web logs from a mobile phone. REP-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest versi...
JVN#62527913 Directory traversal vulnerability in multiple Cisco Systems products
Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services. Impact A remote attacker could view or alter files on the target server. Solution Update the software Update to the latest version of CiscoWorks Common Services according the...
JVN#70836284 IMG-BBS from MT312 vulnerable to cross-site scripting
IMG-BBS from MT312, is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest...
Cross-site scripting vulnerability in leger (free edition)
Overview leger free edition from 'AD2000' contains a cross-site scripting vulnerability. leger free edition from 'AD2000' is a software to manage conference room reservations. leger free edition contains a cross-site scripting vulnerability. The vendor has reported that Ver. 1.6.4 released on May...
a-News from Appleple vulnerable to cross-site scripting
Overview a-News from Appleple contains a cross-site scripting vulnerability. a-News, a web log system from Appleple, contains a cross-site scripting vulnerability. Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using ...
JVN#57036470 Cross-site scripting vulnerability in leger (free edition)
leger free edition from 'AD2000' is a software to manage conference room reservations. leger free edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
JVN#42927215 a-News from Appleple vulnerable to cross-site scripting
a-News, a web log system from Appleple, contains a cross-site scripting vulnerability. Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using a web log system to use a-blog. Impact An arbitrary script may be executed on...
HP System Management Homepage vulnerable to cross-site scripting
Overview HP System Management Homepage SMH from Hewlett-Packard contains a cross-site scripting vulnerability. HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is...
JVN#02331156 HP System Management Homepage vulnerable to cross-site scripting
HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is different from JVN19240523. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the...
Trees from CGI RESCUE vulnerable to cross-site scripting
Overview Trees from CGI RESCUE contains a cross-site scripting vulnerability Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#28521500 Trees from CGI RESCUE vulnerable to cross-site scripting
Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Trees...
Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Overview Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability. Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server...
JVN#73653977 Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...
SQL injection vulnerability in SKIP from SKIP User Group
Overview SKIP from SKIP User Group contains a SQL injection vulnerability. SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a SQL injection vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
Cross-site scripting vulnerability in SKIP from SKIP User Group
Overview SKIP from SKIP User Group contains a cross-site scripting vulnerability. SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
JVN#03114223 SQL injection vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a SQL injection vulnerability. Impact Contents created by SKIP can be altered or information saved by SKIP can be obtained by a user that can login to SKIP. Solution Update the software Update to the...
JVN#43233160 Cross-site scripting vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on certain web browsers. Solution Update the software Update to the latest version according to the information provid...
Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Overview Web Mailer from CGI RESCUE contains a HTTP header injection vulnerability. Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. This vulnerability has been fixed and an updated...
FORM2MAIL from CGI RESCUE allows unauthorized email transmission
Overview FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows...
Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
Overview MiniBBS from CGI RESCUE contains a cross-site scripting vulnerability. MiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability. This vulnerability has been fixed and an updated version was released on December 13, 2008. Impact An arbitrary...
MiniBBS22 from CGI RESCUE allows unauthorized email transmission
Overview MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the...
Movable Type cross-site scripting vulnerability
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. This vulnerability has been fixed and an updated version...
JVN#36982346 MiniBBS22 from CGI RESCUE allows unauthorized email transmission
MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send any email to an arbitrary address. Solution Update the software Update to the latest versi...
JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...
JVN#76370393 FORM2MAIL from CGI RESCUE allows unauthorized email transmission
FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send emails to arbitrary addresses. Solution Updat...
JVN#11396739 Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
MiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the vendor. Products...
JVN#97248625 Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
Cross-site scripting vulnerability in apricot.php from LovPop.net
Overview apricot.php from LovPop.net contains a cross-site scripting vulnerability. apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability. Note that future releases and maintenance of apricot.php ended on March 19, 2009...
Fujitsu Jasmine HTTP Response Splitting Vulnerability When Executing WebLink Template
Overview A vulnerability exists in Fujitsu Jasmine where HTTP response splitting may be conducted when the WebLink template is executed. Impact An attacker could insert arbitrary HTTP headers and launch HTTP response splitting attacks. Solution Please refer to the 'Vendor Information' section for...
JVN#82744714 Cross-site scripting vulnerability in apricot.php from LovPop.net
apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability. Note that future releases and maintenance of apricot.php ended on March 19, 2009. Users who wish to analyze access logs are recommended to use a different product that...
XOOPS Cube Legacy cross-site scripting vulnerability
Overview XOOPS Cube Legacy from XOOPS Cube Project contains a cross-site scripting vulnerability. XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Lega...
JVN#33846134 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of...
JVN#74747784 XOOPS Cube Legacy cross-site scripting vulnerability
XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Legacy distribution "Hodajuku distribution" and "additional modules" are not affected by this...
Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
Overview Access Analyzer CGI Professional Version from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contain...