JVN#62527913 Directory traversal vulnerability in multiple Cisco Systems products
Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services. Impact A remote attacker could view or alter files on the target server. Solution Update the software Update to the latest version of CiscoWorks Common Services according the...
JVN#01115659 REP-BBS from MT312 vulnerable to cross-site scripting
REP-BBS from MT312 is a web log system that supports posting and viewing web logs from a mobile phone. REP-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest versi...
JVN#70836284 IMG-BBS from MT312 vulnerable to cross-site scripting
IMG-BBS from MT312 is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest...
Cross-site scripting vulnerability in leger (free edition)
Overview leger free edition from 'AD2000' contains a cross-site scripting vulnerability. leger free edition from 'AD2000' is a software to manage conference room reservations. leger free edition contains a cross-site scripting vulnerability. The vendor has reported that Ver. 1.6.4 released on May...
a-News from Appleple vulnerable to cross-site scripting
Overview a-News from Appleple contains a cross-site scripting vulnerability. a-News, a web log system from Appleple, contains a cross-site scripting vulnerability. Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using ...
JVN#57036470 Cross-site scripting vulnerability in leger (free edition)
leger free edition from 'AD2000' is a software to manage conference room reservations. leger free edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
JVN#42927215 a-News from Appleple vulnerable to cross-site scripting
a-News, a web log system from Appleple, contains a cross-site scripting vulnerability. Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using a web log system to use a-blog. Impact An arbitrary script may be executed on...
HP System Management Homepage vulnerable to cross-site scripting
Overview HP System Management Homepage (SMH) from Hewlett-Packard contains a cross-site scripting vulnerability. HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is...
JVN#02331156 HP System Management Homepage vulnerable to cross-site scripting
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is different from JVN19240523. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the...
Trees from CGI RESCUE vulnerable to cross-site scripting
Overview Trees from CGI RESCUE contains a cross-site scripting vulnerability. Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#28521500 Trees from CGI RESCUE vulnerable to cross-site scripting
Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Trees...
Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Overview Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability. Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server...
JVN#73653977 Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...
SQL injection vulnerability in SKIP from SKIP User Group
Overview SKIP from SKIP User Group contains a SQL injection vulnerability. SKIP from SKIP User Group is an open source SNS (Social Networking Service) software. SKIP contains a SQL injection vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
Cross-site scripting vulnerability in SKIP from SKIP User Group
Overview SKIP from SKIP User Group contains a cross-site scripting vulnerability. SKIP from SKIP User Group is an open source SNS (Social Networking Service) software. SKIP contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
JVN#43233160 Cross-site scripting vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS (Social Networking Service) software. SKIP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on certain web browsers. Solution Update the software Update to the latest version according to the information provid...
JVN#03114223 SQL injection vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS (Social Networking Service) software. SKIP contains a SQL injection vulnerability. Impact Contents created by SKIP can be altered or information saved by SKIP can be obtained by a user that can login to SKIP. Solution Update the software Update to the...
Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Overview Web Mailer from CGI RESCUE contains a HTTP header injection vulnerability. Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. This vulnerability has been fixed and an updated...
FORM2MAIL from CGI RESCUE allows unauthorized email transmission
Overview FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows...
Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
Overview MiniBBS from CGI RESCUE contains a cross-site scripting vulnerability. MiniBBS, a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability. This vulnerability has been fixed and an updated version was released on December 13, 2008. Impact An arbitrary...
MiniBBS22 from CGI RESCUE allows unauthorized email transmission
Overview MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the...
Movable Type cross-site scripting vulnerability
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. This vulnerability has been fixed and an updated version...
JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...
JVN#76370393 FORM2MAIL from CGI RESCUE allows unauthorized email transmission
FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send emails to arbitrary addresses. Solution Updat...
JVN#11396739 Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
MiniBBS, a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the vendor. Products...
JVN#36982346 MiniBBS22 from CGI RESCUE allows unauthorized email transmission
MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send any email to an arbitrary address. Solution Update the software Update to the latest versi...
JVN#97248625 Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
Cross-site scripting vulnerability in apricot.php from LovPop.net
Overview apricot.php from LovPop.net contains a cross-site scripting vulnerability. apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability. Note that future releases and maintenance of apricot.php ended on March 19, 2009...
Fujitsu Jasmine HTTP Response Splitting Vulnerability When Executing WebLink Template
Overview A vulnerability exists in Fujitsu Jasmine where HTTP response splitting may be conducted when the WebLink template is executed. Impact An attacker could insert arbitrary HTTP headers and launch HTTP response splitting attacks. Solution Please refer to the 'Vendor Information' section for...
JVN#82744714 Cross-site scripting vulnerability in apricot.php from LovPop.net
apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability. Note that future releases and maintenance of apricot.php ended on March 19, 2009. Users who wish to analyze access logs are recommended to use a different product that...
XOOPS Cube Legacy cross-site scripting vulnerability
Overview XOOPS Cube Legacy from XOOPS Cube Project contains a cross-site scripting vulnerability. XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Lega...
JVN#33846134 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privileges of...
JVN#74747784 XOOPS Cube Legacy cross-site scripting vulnerability
XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Legacy distribution "Hodajuku distribution" and "additional modules" are not affected by this...
Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
Overview Access Analyzer CGI Professional Version from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contain...
JVN#63511247 Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of Access Analyzer C...
Fujitsu Enhanced Support Facility HRM-S Hardware/Software Information Disclosure Vulnerability
Overview A vulnerability exists in the HRM-S of Fujitsu Enhanced Support Facility that allows the issue of hardware and software information requests by remote unauthenticated users. Impact A remote attacker could obtain the hardware and software configuration information on the vulnerable system...
Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
Overview Access Analyzer CGI Standard Version Ver. 3.x from futomi's CGI Cafe contains a cross-site scripting vulnerability. Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a...
JVN#23558374 Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
MP Form Mail CGI vulnerability allows third party to gain administrative privileges
Overview MP Form Mail CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allow...
JVN#84899898 MP Form Mail CGI vulnerability allows third party to gain administrative privileges
MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of MP Form Mail CGI...
Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras
Overview The ActiveX Control for Sony SNC series network cameras contains a heap-based buffer overflow vulnerability. The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer...
PEAK XOOPS piCal cross-site scripting vulnerability
Overview piCal from PEAK XOOPS contains a cross-site scripting vulnerability. piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Masako Oono of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with...
Multiple Vulnerabilities in uCosminexus Portal Framework
Overview uCosminexus Portal Framework contains multiple vulnerabilities. Impact A remote attacker could perform malicious acts, such as information leaking, identity spoofing and updating data with wrong values. Solution Please refer to the 'Vendor Information' section for the official...
JP1/Cm2/Network Node Manager Denial of Service (DoS) Vulnerability
Overview A vulnerability in JP1/Cm2/Network Node Manager (NNM) could cause a denial of service (DoS) condition when using the Shared Trace Service. Impact A remote attacker could cause a denial of service (DoS) condition. Solution Please refer to the 'Vendor Information' section for the official...
Apache Tomcat information disclosure vulnerability
Overview Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may result in...
Vulnerability allowing Viewing/Updating of Other Users' Information in Groupmax World Wide Web Desktop Version 6
Overview In Groupmax World Wide Web Desktop Version 6, a vulnerability exists in which the information of other users can be viewed and/or updated under a load balancing environment. Impact There is the possibility that information of other users may be viewed and/or updated under a load balancin...
JVN#66905322 Apache Tomcat information disclosure vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request. Impact A remote attacker could possibly obtain user...
JVN#91591874 PEAK XOOPS piCal cross-site scripting vulnerability
piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#16767117 Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras
The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables. Impact A remote attacker cou...
FAST ESP cross-site scripting vulnerability
Overview FAST ESP, an enterprise search platform from Microsoft, contains a cross-site scripting vulnerability. FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability...