Becky! Internet Mail buffer overflow vulnerability
Overview Becky! Internet Mail contains a buffer overflow vulnerability. Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests. Yuji Ukai of Fourteenforty Research Institute, Inc. reporte...
JVN#29641290 Becky! Internet Mail buffer overflow vulnerability
Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests. Impact If the user views a specially crafted email and allows a read receipt to be sent, arbitrary code may be executed. Solution...
JVN#45184501 FAST ESP cross-site scripting vulnerability
FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software An update i...
Multiple Vulnerabilities Concerning Hitachi Web Server
Overview Hitachi Web Server has the vulnerabilities listed below: 1. A vulnerability that allows the OpenSSL version to be rolled back when using SSL. 2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server. 3. Cross-site scripting vulnerability due to...
Fulltext search CGI vulnerability allows third party to gain administrative privileges
Overview Fulltext search CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain...
JVN#80771386 Fulltext search CGI vulnerability allows third party to gain administrative privileges
Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of fulltext search CGI. Solution Update the Software Update ...
Oracle WebLogic Server vulnerable to cross-site scripting
Overview Oracle WebLogic Server (formerly BEA WebLogic Server) contains a cross-site scripting vulnerability. Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 (JavaEE5). Oracle WebLogic Server contains a cross-site scripting vulnerability. Daiki Fukumori of...
JVN#93431860 Oracle WebLogic Server vulnerable to cross-site scripting
Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 (JavaEE5). Oracle WebLogic Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates...
Cisco IOS cross-site scripting vulnerability
Overview The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If...
JVN#28344798 Cisco IOS cross-site scripting vulnerability
Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest firmware provided by...
Movable Type Enterprise cross-site scripting vulnerability
Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. This vulnerability has been fixed in...
MODx vulnerable to SQL injection
Overview MODx, an open source contents management system, contains a SQL injection vulnerability. MODx, an open source contents management system, contains a SQL injection vulnerability in the MODx Control Panel. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability ...
MODx cross-site request forgery vulnerability
Overview MODx, an open source contents management system, contains a cross-site request forgery vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
MODx cross-site scripting vulnerability
Overview MODx, an open source contents management system, contains a cross-site scripting vulnerability. MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#10170564 MODx cross-site scripting vulnerability
MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6.2 and earlier...
JVN#66828183 MODx cross-site request forgery vulnerability
MODx, an open source contents management system, contains a cross-site request forgery vulnerability. Impact A remote attacker may modify contents managed by MODx if the user views a malicious web page while logged in to MODx. Solution Update the software and change the configuration Apply the...
JVN#72630020 MODx vulnerable to SQL injection
MODx, an open source contents management system, contains a SQL injection vulnerability in the MODx Control Panel. Impact A remote attacker could obtain administrative privileges of MODx. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6....
MyNETS cross-site scripting vulnerability
Overview MyNETS, an open source SNS software, contains a cross-site scripting vulnerability. MyNETS from Usagi Project is an open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary...
JVN#71945722 Movable Type Enterprise cross-site scripting vulnerability
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
JVN#36802959 MyNETS cross-site scripting vulnerability
MyNETS from Usagi Project is an open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
BlackJumboDog authentication bypass vulnerability
Overview BlackJumboDog from SapporoWorks contains an authentication bypass vulnerability. BlackJumboDog from SapporoWorks is a software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability. Tsuyoshi Ishibashi of Mitsui Bussan Secure...
Mayaa cross-site scripting vulnerability
Overview Mayaa from Seasar Project contains a cross-site scripting vulnerability. Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability. Tetsuo Nakamura of NEC Soft,Ltd. reported this vulnerabilit...
JVN#17298485 Mayaa cross-site scripting vulnerability
Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Apply the latest update provided by the...
JVN#98063934 BlackJumboDog authentication bypass vulnerability
BlackJumboDog from SapporoWorks is a software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability. Impact A remote attacker can bypass authentication of BlackJumboDog. As a result, the attacker gains access to the server and information may...
PHP vulnerable to cross-site scripting
Overview PHP contains a cross-site scripting vulnerability. PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Tomoki Sanaki of International Network Security, Inc. report...
JVN#50327700 PHP vulnerable to cross-site scripting
PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...
Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Overview Access Analyzer CGI from futomi's CGI Cafe contains a predictable session ID vulnerability. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could...
JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access...
Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability
Overview Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability. Impact A remote attacker could have the users execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...
Groupmax Collaboration - Schedule Mis-scheduling Problem: Unintended Members Included When Reservations are Made by Secretary
Overview In the event a secretary makes a reservation using Groupmax Collaboration - Schedule, there might be a scheduling error that causes unintended members to also have the event included in their schedules. Impact There is a possibility that unintended members one's self, superior, or...
Movable Type Enterprise cross-site scripting vulnerability
Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Yosuke HASEGAWA of...
JVN#02216739 Movable Type Enterprise cross-site scripting vulnerability
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Impact An arbitrary script may be executed on a user's web browser. Solution Update the Software Update...
I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
Overview The HDL-F series products from I-O DATA DEVICE, INC. are LAN connectable hard disk drives. The web interface for administration in the products contains a cross-site request forgery vulnerability. The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk...
JP1/VERITAS NetBackup JAVA Administration GUI Privilege Escalation Vulnerability
Overview The JAVA Administration Graphical User Interface (GUI) in JP1/VERITAS NetBackup contains a privilege escalation vulnerability. Impact A remote authenticated attacker could gain escalated privileges. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...
CGI RESCUE MiniBBS2000 directory traversal vulnerability
Overview MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability. MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability. The vendor reported that the downloadable files addressing this vulnerability were incorrect v1.02. Files...
JVN#70599814 I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. Configuration of these devices is done through a web-based interface. This web interface is vulnerable to cross-site request forgery. Impact If a user views a malicious web page while logged into th...
JP1/Integrated Management Service Support Cross-Site Scripting Vulnerability
Overview JP1/Integrated Management Service Support is vulnerable to cross-site scripting due to failure to properly process requests. Impact An attacker could perform cross-site scripting attacks by embedding malicious scripts in a request. Solution Please refer to the 'Vendor Information' sectio...
JVN#86833991 CGI RESCUE MiniBBS2000 directory traversal vulnerability
MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability. Impact A remote attacker could view files on the server where MiniBBS2000 is installed. This could lead to disclosure of file contents. Solution Update the Software Update to the latest versi...
GungHo LoadPrgAx vulnerable to arbitrary Java program execution
Overview LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program. LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a...
JVN#47875752 GungHo LoadPrgAx vulnerable to arbitrary Java program execution
LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a vulnerability that allows an attacker to execute an arbitrary Java program that resides on a user's PC. Impact If a user views a specially crafted HTML document web...
sISAPILocation vulnerability bypasses HTTP header rewrite function
Overview sISAPILocation, an ISAPI (Internet Server Application Program Interface) filter, contains a vulnerability that allows the HTTP header rewrite function to be bypassed. sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services...
EC-CUBE vulnerable to SQL injection
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. This vulnerability is different from JVN81111541. An updated version addressin...
JVN#19072922 EC-CUBE vulnerable to SQL injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. This vulnerability is different from JVN81111541. Impact A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE...
JVN#67060882 sISAPILocation vulnerability bypasses HTTP header rewrite function
sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS (Internet Information Services). sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed. Impact When sISAPILocation is used to configure settings, such as to specify charact...
CA ARCserve Backup and CA ARCserve Backup Client Agent Denial of Service (DoS) Vulnerability
Overview CA ARCserve Backup and CA ARCserve Backup Client Agent fail to properly handle packets with a large integer value used in an increment to TCP port 41523, which leads to a denial of service (DoS). Impact A remote attacker could cause a denial of service (DoS) condition. Solution Please refer ...
BrightStor ARCserve and eTrust Antivirus Arbitrary Code Execution Vulnerability
Overview BrightStor ARCserve Backup and eTrust Antivirus r7.1 have a problem in handling RPC requests and are vulnerable to arbitrary code execution. Impact A remote authenticated attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official...
Snoopy command injection vulnerability
Overview Snoopy, a PHP library, contains a command injection vulnerability. Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Takeshi Terada of Mitsui Bussan Secure...
JVN#20502807 Snoopy command injection vulnerability
Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...
Internet Explorer vulnerable in handling CDO protocol
Overview Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed. When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual conten...
MyNETS cross-site scripting vulnerability
Overview MyNETS, an open source SNS software, contains a cross-site scripting vulnerability. MyNETS from Usagi Project is an open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary...