Softbank, NTT Docomo, KDDI Security Vulnerabilities

xssed

Unfixed XSS vulnerability at cpwstore.carpartswholesale.com

Security researcher holisticinfosec has submitted on 25/01/2008 a cross-site-scripting (XSS) vulnerability affecting cpwstore.carpartswholesale.com, which at the time of submission ranked 41821 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

AI Score

2008-01-25 12:00 AM
6
xssed

Unfixed XSS vulnerability at www.simonsays.com

Security researcher TreX has submitted on 21/12/2007 a cross-site-scripting (XSS) vulnerability affecting www.simonsays.com, which at the time of submission ranked 44172 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/01/2008. It is...

AI Score

2007-12-21 12:00 AM
9
xssed

Unfixed XSS vulnerability at www.simonsays.com

Security researcher TreX has submitted on 21/12/2007 a cross-site-scripting (XSS) vulnerability affecting www.simonsays.com, which at the time of submission ranked 44172 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/01/2008. It is...

AI Score

2007-12-21 12:00 AM
7
xssed

Unfixed XSS vulnerability at www.simonsays.com

Security researcher TreX has submitted on 21/12/2007 a cross-site-scripting (XSS) vulnerability affecting www.simonsays.com, which at the time of submission ranked 44172 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/01/2008. It is...

AI Score

2007-12-21 12:00 AM
10
xssed

Unfixed XSS vulnerability at www.shoes.com

Security researcher tenest has submitted on 12/11/2007 a cross-site-scripting (XSS) vulnerability affecting www.shoes.com, which at the time of submission ranked 6850 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/11/2007. It is currently...

-0.1 AI Score

2007-12-11 12:00 AM
9
xssed

Unfixed XSS vulnerability at www.christianbook.com

Security researcher nights_shadow has submitted on 12/07/2007 a cross-site-scripting (XSS) vulnerability affecting www.christianbook.com, which at the time of submission ranked 10669 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/07/2007....

-0.1 AI Score

2007-12-07 12:00 AM
8
xssed

Fixed XSS vulnerability at www.orientaltrading.com

Security researcher tenest has submitted on 28/11/2007 a cross-site-scripting (XSS) vulnerability affecting www.orientaltrading.com, which at the time of submission ranked 6618 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/11/2007. It is...

-0.1 AI Score

2007-11-28 12:00 AM
15
xssed

Unfixed XSS vulnerability at www.bestwebbuys.com

Security researcher Fugitif has submitted on 28/10/2007 a cross-site-scripting (XSS) vulnerability affecting www.bestwebbuys.com, which at the time of submission ranked 27889 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is...

-0.1 AI Score

2007-10-28 12:00 AM
17
xssed

Unfixed XSS vulnerability at www.alliedelec.com

Security researcher ap101 has submitted on 13/10/2007 a cross-site-scripting (XSS) vulnerability affecting www.alliedelec.com, which at the time of submission ranked 135916 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/10/2007. It is...

-0.1 AI Score

2007-10-13 12:00 AM
6
xssed

Unfixed XSS vulnerability at search.lonelyplanet.com

Security researcher kaksii has submitted on 17/09/2007 a cross-site-scripting (XSS) vulnerability affecting search.lonelyplanet.com, which at the time of submission ranked 3593 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007. It is...

AI Score

2007-09-17 12:00 AM
5
exploitpack

Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting

Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site...

-0.5 AI Score

2007-08-14 12:00 AM
8
packetstorm

CVE-2007-3386.txt

...

-0.7 AI Score

0.009 EPSS

2007-08-14 12:00 AM
25
securityvulns

CVE-2007-3386: XSS in Host Manager

CVE-2007-3386: XSS in Host Manager. Severity: Low (Cross-site scripting). Vendor: The Apache Software Foundation. Versions Affected: 6.0.0 to 6.0.13, 5.5.0 to 5.5.24. Description: The Host Manager Servlet does not filter user supplied data before display....

0.2 AI Score

0.009 EPSS

2007-08-14 12:00 AM
32
exploitdb

7.4 AI Score

EPSS

2007-08-14 12:00 AM
21
cve

CVE-2007-3692

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name...

6.7 AI Score

0.007 EPSS

2007-07-11 05:30 PM
27
prion

Directory traversal

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name...

7.2 AI Score

0.007 EPSS

2007-07-11 05:30 PM
5
nvd

CVE-2007-3692

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name...

6.7 AI Score

0.007 EPSS

2007-07-11 05:30 PM
cvelist

CVE-2007-3692

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name...

6.7 AI Score

0.007 EPSS

2007-07-11 05:00 PM
jvn

JVN#33593387 KDDI sample CGI download program directory traversal vulnerability

A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory traversal vulnerability exists in this program. Impact: A remote unauthenticated attacker could access files on the...

6.7 AI Score

2007-07-09 12:00 AM
59
xssed

Unfixed XSS vulnerability at www10.finishline.com

Security researcher tenest has submitted on 06/11/2007 a cross-site-scripting (XSS) vulnerability affecting www10.finishline.com, which at the time of submission ranked 7893 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/11/2007. It is...

-0.1 AI Score

2007-06-11 12:00 AM
9
seebug

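PHP Zip_Entry_Read() Integer Overflow Vulnerability

PHP is a widely used web development scripting language. The PHP zip_read_entry() function has an integer overflow issue that remote attackers can exploit to execute arbitrary commands with the privileges of the application. The zip_read_entry() function performs no checks on the supplied length parameter, so adding one byte for the terminating ASCIIZ character causes an integer overflow in the memory allocation: buf = emalloc(len + 1); ret = zzip_read(entry->fp, buf, len); buf[ret] = 0; ...

6.9 AI Score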

2007-03-29 12:00 AM
26
seebug

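PHP BZip2/Zip Wrappers Module Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities

PHP is a widely used web development scripting language. The BZip2/Zip Wrappers modules included with PHP have a restriction bypass issue that remote attackers can exploit to write arbitrary file data to unauthorized locations or access sensitive information. The compress.bzip2:// URL wrapper defined by the bz2 extension and the zip:// URL defined by PECL zip do not enforce any safemode or open_basedir restrictions, which can allow security restrictions to be bypassed, writing arbitrary file data to unauthorized locations or accessing sensitive information. PHP PHP 5.2.1 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP....

6.8 AI Score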

2007-03-17 12:00 AM
24
xssed

Unfixed XSS vulnerability at www.kitchenaid.com

Security researcher RubberDuck has submitted on 23/02/2007 a cross-site-scripting (XSS) vulnerability affecting www.kitchenaid.com, which at the time of submission ranked 35435 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/03/2007. It is...

AI Score

2007-02-23 12:00 AM
7
xssed

Fixed XSS vulnerability at www.brookstone.com

Security researcher tenest has submitted on 02/09/2007 a cross-site-scripting (XSS) vulnerability affecting www.brookstone.com, which at the time of submission ranked 35174 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/09/2007. It is...

-0.1 AI Score

2007-02-09 12:00 AM
9
cert

Gracenote CDDB ActiveX control buffer overflow

Overview: The Gracenote CDDB ActiveX control contains a buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description (CDDB): CDDB (CD Data Base) is an internet database provided by Gracenote. CDDB contains track lists and other...

AI Score

0.533 EPSS

2006-06-27 12:00 AM
15
securityvulns

Security Bulletin MS00-097

Issue: Abruptly-severed Windows Media session can cause resource leak. Date: 15 December 2000. Affected Software: Windows Media Services 4.01 and 4.1. Impact: Denial of...

2 AI Score

2000-12-16 12:00 AM
16
Total number of security vulnerabilities: 676