5625 matches found
JVN#63511247 Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of Access Analyzer C...
Fujitsu Enhanced Support Facility HRM-S Hardware/Software Information Disclosure Vulnerability
Overview A vulnerability exists in the HRM-S of Fujitsu Enhanced Support Facility that allows the issue of hardware and software information requests by remote unauthenticated users. Impact A remote attacker could obtain the hardware and software configuration information on the vulnerable system...
Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
Overview Access Analyzer CGI Standard Version Ver. 3.x from futomi's CGI Cafe contains a cross-site scripting vulnerability. Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a...
JVN#23558374 Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
MP Form Mail CGI vulnerability allows third party to gain administrative privileges
Overview MP Form Mail CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allow...
JVN#84899898 MP Form Mail CGI vulnerability allows third party to gain administrative privileges
MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of MP Form Mail CGI...
Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras
Overview The ActiveX Control for Sony SNC series network cameras contains a heap-based buffer overflow vulnerability. The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer...
PEAK XOOPS piCal cross-site scripting vulnerability
Overview piCal from PEAK XOOPS contains a cross-site scripting vulnerability. piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Masako Oono of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with...
Multiple Vulnerabilities in uCosminexus Portal Framework
Overview uCosminexus Portal Framework contains multiple vulnerabilities. Impact A remote attacker could perform malicious acts, such as information leaking, identity spoofing and updating data with wrong values. Solution Please refer to the 'Vendor Information' section for the official...
JP1/Cm2/Network Node Manager Denial of Service (DoS) Vulnerability
Overview A vulnerability in JP1/Cm2/Network Node Manager NNM could cause a denial of service DoS condition when using the Shared Trace Service. Impact A remote attacker could cause a denial of service DoS condition. Solution Please refer to the 'Vendor Information' section for the official...
Apache Tomcat information disclosure vulnerability
Overview Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may result in...
Vulnerability allowing Viewing/Updating of Other Users' Information in Groupmax World Wide Web Desktop Version 6
Overview In Groupmax World Wide Web Desktop Version 6, a vulnerability exists in which the information of other users can be viewed and/or updated under a load balancing environment. Impact There is the possibility that information of other users may be viewed and/or updated under a load balancin...
JVN#66905322: Apache Tomcat information disclosure vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request. Impact A remote attacker could possibly obtain user...
JVN#91591874 PEAK XOOPS piCal cross-site scripting vulnerability
piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#16767117 Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras
The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables. Impact A remote attacker cou...
FAST ESP cross-site scripting vulnerability
Overview FAST ESP, an enterprise search platform from Microsoft, contains a cross-site scripting vulnerability. FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability...
Becky! Internet Mail buffer overflow vulnerability
Overview Becky! Internet Mail contains a buffer overflow vulnerability. Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests. Yuji Ukai of Fourteenforty Research Institute, Inc. reporte...
JVN#29641290 Becky! Internet Mail buffer overflow vulnerability
Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests. Impact If the user views a specially crafted email and allows a read receipt to be sent, arbitrary code may be executed. Solution...
JVN#45184501 FAST ESP cross-site scripting vulnerability
FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software An update i...
Multiple Vulnerabilities Concerning Hitachi Web Server
Overview Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server. 3. Cross-site scripting vulnerability due to...
Fulltext search CGI vulnerability allows third party to gain administrative privileges
Overview Fulltext search CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain...
JVN#80771386 Fulltext search CGI vulnerability allows third party to gain administrative privileges
Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of fulltext search CGI. Solution Update the Software Update ...
Oracle WebLogic Server vulnerable to cross-site scripting
Overview Oracle WebLogic Server formerly BEA WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 JavaEE5. Oracle WebLogic Server contains a cross-site scripting vulnerability. Daiki Fukumori of...
JVN#93431860 Oracle WebLogic Server vulnerable to cross-site scripting
Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 JavaEE5. Oracle WebLogic Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates...
Cisco IOS cross-site scripting vulnerability
Overview The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If...
JVN#28344798 Cisco IOS cross-site scripting vulnerability
Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest firmware provided by...
Movable Type Enterprise cross-site scripting vulnerability
Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. This vulnerability has been fixed in...
MODx vulnerable to SQL injection
Overview MODx, an open source contents management system, contains a SQL injection vulnerability. MODx, an open source contents management system, contains a SQL injection vulnerability in the MODx Control Panel. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability ...
MODx cross-site request forgery vulnerability
Overview MODx, an open source contents management system, contains a cross-site request forgery vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
MODx cross-site scripting vulnerability
Overview MODx, an open source contents management system, contains a cross-site scripting vulnerability. MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#66828183 MODx cross-site request forgery vulnerability
MODx, an open source contents management system, contains a cross-site request forgery vulnerability. Impact A remote attacker may modify contents managed by MODx if the user views a malicious web page while logged in to MODx. Solution Update the software and change the configuration Apply the...
JVN#10170564 MODx cross-site scripting vulnerability
MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6.2 and earlier...
JVN#72630020 MODx vulnerable to SQL injection
MODx, an open source contents management system, contains a SQL injection vulnerability in the MODx Control Panel. Impact A remote attacker could obtain administrative privileges of MODx. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6....
MyNETS cross-site scripting vulnerability
Overview MyNETS, an open source SNS software, contains a cross-site scripting vulnerability. MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary...
JVN#71945722 Movable Type Enterprise cross-site scripting vulnerability
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
JVN#36802959 MyNETS cross-site scripting vulnerability
MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
BlackJumboDog authentication bypass vulnerability
Overview BlackJumboDog from SapporoWorks contains an authentication bypass vulbnerability. BlackJumboDog from SapporoWorks is a software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability. Tsuyoshi Ishibashi of Mitsui Bussan Secure...
Mayaa cross-site scripting vulnerability
Overview Mayaa from Seasar Project contains a cross-site scripting vulnerability. Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability. Tetsuo Nakamura of NEC Soft,Ltd. reported this vulnerabilit...
JVN#98063934 BlackJumboDog authentication bypass vulnerability
BlackJumboDog from SapporoWorks is a software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability Impact A remote attacker can bypass authentication of BlackJumboDog. As a result, the attacker gains access to the server and information may...
JVN#17298485 Mayaa cross-site scripting vulnerability
Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Apply the latest update provided by the...
PHP vulnerable to cross-site scripting
Overview PHP contains a cross-site scripting vulnerability. PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Tomoki Sanaki of International Network Security, Inc. report...
JVN#50327700 PHP vulnerable to cross-site scripting
PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...
Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Overview Access Analyzer CGI from futomi's CGI Cafe contains a predictable session ID vulnerability. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could...
JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access...
Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability
Overview Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability. Impact A remote attacker could have the users execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...
Groupmax Collaboration - Schedule Mis-scheduling Problem: Unintended Members Included When Reservations are Made by Secretary
Overview In the event a secretary makes a reservation using Groupmax Collaboration - Schedule, there might be a scheduling error that causes unintended members to also have the event included in their schedules. Impact There is a possibility that unintended members one's self, superior, or...
Movable Type Enterprise cross-site scripting vulnerability
Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Yosuke HASEGAWA of...
JVN#02216739 Movable Type Enterprise cross-site scripting vulnerability
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Impact An arbitrary script may be executed on an user's web browser. Solution Update the Software Update...
I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
Overview The HDL-F series products from I-O DATA DEVICE, INC. are LAN connectable hard disk drives. The web interface for administration in the products contains a cross-site request forgery vulnerability. The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk...
JP1/VERITAS NetBackup JAVA Administration GUI Privilege Escalation Vulnerability
Overview The JAVA Administration Graphical User Interface GUI in JP1/VERITAS NetBackup contains a privilege escalation vulnerability. Impact A remote authenticated attacker could gain escalated privileges. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...