Subscribe: JVNDB RSS Feed - 2007 Years Entry
http://jvndb.jvn.jp/en/rss/years/jvndb_2007.rdf

JVNDB RSS Feed - 2007 Years Entry



JVN iPedia Yearly Entry



Published: 2018-04-15T09:03:48+09:00

 



Serene Bach cross-site scripting vulnerability

2008-05-21T00:00+09:00

Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability.



Drupal cross-site scripting vulnerability

2008-05-21T00:00+09:00

Drupal, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN#82240092.



Fresh Reader RSS feed cross-site scripting vulnerability

2008-05-21T00:00+09:00

Fresh Reader from sidefeed, Inc. is a server-side web application that manages RSS information. Fresh Reader contains an RSS feed cross-site scripting vulnerability.



Movable Type cross-site scripting vulnerability

2008-05-21T00:00+09:00

Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. This vulnerability is different from JVN#68295640.



phpAdsNew cross-site scripting vulnerability

2008-05-21T00:00+09:00

phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability. Note that phpAdsNew is now called "Openads." The products listed below use the same module as phpAdsNew, thus they are also affected by the vulnerability.
- phpPgAds 2.0.9-pr1 and earlier
- Max Media Manager v0.1.29-rc and earlier
- Max Media Manager v0.3.30-alpha and earlier

All users of these products are encouraged to update to the latest versions provided by the developer. The updated versions of each product are listed below:
- The updated version of phpAdsNew 2.0.9-pr1 is Openads 2.0.10.
- The updated version of phpPgAds 2.0.9-pr1 is Openads for PostgreSQL 2.0.10.
- The updated version of Max Media Manager v0.1.29-rc and v0.3.30-alpha is Openads 2.3.31.



CGI RESCUE WebFORM vulnerable to HTTP header injection

2008-05-21T00:00+09:00

WebFORM, released by CGI RESCUE, is software that emails the contents of an HTML form. WebFORM contains an HTTP header injection vulnerability caused by improper processing of HTTP header output.



CGI RESCUE WebFORM vulnerable to cross-site scripting

2008-05-21T00:00+09:00

WebFORM, released by CGI RESCUE, is a CGI script written in Perl that allows a user to send email messages via an HTML form. WebFORM contains a cross-site scripting vulnerability.



CGI RESCUE WebFORM missing mail content vulnerability

2008-05-21T00:00+09:00

WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.



Shopping Basket Professional vulnerable to OS command injection

2008-05-21T00:00+09:00

Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data.



b2evolution cross-site scripting vulnerability

2008-05-21T00:00+09:00

b2evolution, a blog publishing system, contains a cross-site scripting vulnerability.



Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

2008-05-21T00:00+09:00

Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. The Sleipnir RSS bar contains a vulnerability in which RSS data is handled in an inappropriate security zone (My Computer zone).




MODx cross-site scripting vulnerability

2008-05-21T00:00+09:00

MODx, an open source content management system, contains a cross-site scripting vulnerability.



CCC Cleaner buffer overflow vulnerability

2008-05-21T00:00+09:00

CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed executables found in TrendMicro Antivirus. For details of this vulnerability, please refer to TrendMicro's website. CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder. Filenames: lpt$vpn.185 As of February 13, 2006, Trend Micro has announced that the vulnerability "the Anti-Rootkit Common Module (TmComm.sys)" disclosed on February 11, 2006 does not affect CCC Cleaner. For more information, refer to the vendor's website.



Sage vulnerable to arbitrary script execution

2008-05-21T00:00+09:00

Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser.




Adobe JRun cross-site scripting vulnerability

2008-05-21T00:00+09:00

Adobe JRun is an application server based on J2EE (Java 2 Platform Enterprise Edition). Adobe JRun contains a cross-site scripting vulnerability.



ColdFusion cross-site scripting vulnerability

2008-05-21T00:00+09:00

ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability. According to the statements from the developer, this vulnerability does not arise when the "Enable Global Script Protection" setting is turned on. This vulnerability is different from JVN#48566866.



ColdFusion error page cross-site scripting vulnerability

2008-05-21T00:00+09:00

ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page. This vulnerability is different from JVN#28356427.



Ariel AirOne series cross-site scripting vulnerability

2008-05-21T00:00+09:00

The Ariel AirOne series, from Ariel Networks, contain a cross-site scripting vulnerability.



Mozilla Firefox cross-site scripting vulnerability

2008-05-21T00:00+09:00

Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability. Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.



CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables

2008-05-21T00:00+09:00

CCC Cleaner, provided from Cyber Clean Center between January 25 and March 12, 2007, contains a division-by-zero vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by the "Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability" on TrendMicro's anti-virus product. For details of this vulnerability, please refer to the information provided by TrendMicro. This vulnerability is different from "JVN#77366274: CCC Cleaner buffer overflow vulnerability."



Trac cross-site scripting vulnerability

2008-05-21T00:00+09:00

Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability which affects Microsoft Internet Explorer.



FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability

2008-05-21T00:00+09:00

Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software.



Interstage Application Server cross-site scripting vulnerability

2008-05-21T00:00+09:00

The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability. As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor's website.



NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

2008-05-21T00:00+09:00

NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly.



BASP21 vulnerable to mail header injection

2016-10-13T14:45+09:00

BASP21 provided by B21Soft, Inc. is a component for Windows applications. BASP21 contains a mail header injection vulnerability. Tomoki Sanaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.



CruiseWorks and Minna De Office vulnerable in access restrictions

2008-05-21T00:00+09:00

CruiseWorks and Minna De Office are groupware. They contain a vulnerability in which the user's access restriction is not properly set.



MailDwarf cross-site scripting vulnerability

2008-05-21T00:00+09:00

MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability.



MailDwarf vulnerability allows unauthorized sending of emails

2008-05-21T00:00+09:00

MailDwarf, released by HTML Dwarf, is a CGI program that enables a user to send e-mail messages via a web page. MailDwarf contains a vulnerability that allows unauthorized email to be sent to a different address set by the administrator.



Overlay Weaver cross-site scripting vulnerability

2008-05-21T00:00+09:00

Overlay Weaver is software for constructing and emulating overlay networks. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability.



open-gorotto cross-site scripting vulnerability

2008-05-21T00:00+09:00

open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames.



Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability

2008-05-21T00:00+09:00

Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability.



InfoBarrier4 self-decrypted file vulnerability

2008-05-21T00:00+09:00

InfoBarrier4 provided by FFC Limited contains a vulnerability in self-decrypted files created using InfoBarrier4 encryption.



APOP password recovery vulnerability

2009-08-06T11:39+09:00

POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In a successful attack, the attacker impersonates the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker needs to repeat this process for a certain period of time without alerting the user to the attack.



Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability

2008-07-11T13:47+09:00

Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard. The vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.



Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

2008-05-21T00:00+09:00

Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability.



Lunascape RSS reader arbitrary script execution vulnerability

2008-05-21T00:00+09:00

A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled.



Java Web Start vulnerable to execution of unauthorized system classes

2008-06-06T16:22+09:00

Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes. Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow a Java Web Start application that includes a malformed JAR file to execute an unauthorized system class.



Homepage Builder sample CGI programs vulnerable to OS command injection

2008-05-21T00:00+09:00

Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contain a vulnerability which may allow an attacker to inject an arbitrary OS command. According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of each product.



SquirrelMail vulnerable to cross-site scripting

2011-01-07T14:39+09:00

SquirrelMail contains a cross-site scripting vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail (web-based email). SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Yosuke Hasegawa from Matcha139 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.



Advance-Flow cross-site scripting vulnerability

2008-05-21T00:00+09:00

Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms.



HP System Management Homepage cross-site scripting vulnerability

2008-05-21T00:00+09:00

A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage (SMH). HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting vulnerability. The vendor recommends that users upgrade to SMH, as Compaq System Management Homepage is an outdated product and is no longer available. For more information, refer to the vendor's website.



Meneame cross-site scripting vulnerability

2008-05-21T00:00+09:00

Meneame, an open source social bookmark system, contains a cross-site scripting vulnerability. Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data.



ADPLAN cross-site scripting vulnerability

2008-05-21T00:00+09:00

ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO (search engine optimization) module. A website that employs ADPLAN Version 3 service generates a web page using the HTTP header information sent from a client web browser. However, as the HTTP header information sent from a user's web browser is not handled correctly by ADPLAN Version 3, an arbitrary script could be executed on the user's web browser if the user is forced to visit a site using ADPLAN service through an attack.



Internet Explorer vulnerable in MHTML handling

2008-05-21T00:00+09:00

Internet Explorer is vulnerable in handling MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express component, and Microsoft provides the fix of the vulnerability for this component.



Internet Explorer vulnerable in handling MHTML protocol

2008-05-21T00:00+09:00

Internet Explorer is vulnerable in handling the MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows the download dialog box to be bypassed. Some versions of Outlook Express are affected because the vulnerability is contained in the Outlook Express component used by Internet Explorer. When Internet Explorer accesses a website using MHTML (MIME Encapsulation of Aggregate HTML), Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be displayed when downloading. The MHTML protocol handler is included in the Outlook Express component, and Microsoft provides the fix for this component.



dotProject cross-site scripting vulnerability

2008-05-21T00:00+09:00

dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN#97636431.



Apache Tomcat sample web application cross-site scripting vulnerability

2008-07-11T13:48+09:00

Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability.



Apache Tomcat cross-site scripting vulnerability

2008-07-11T13:48+09:00

Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies. Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability.



RaidenHTTPD cross-site scripting vulnerability

2008-05-21T00:00+09:00

RaidenHTTPD, from Sonei Information Systems (TEAM JOHNLONG), contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability.



Hiki arbitrary file deletion vulnerability

2008-05-21T00:00+09:00

Hiki, a Wiki clone software developed by Hiki Development Team, contains a vulnerability that allows a remote attacker to delete arbitrary files. Hiki contains a vulnerability that allows an arbitrary file to be deleted on a server running Hiki. This is caused by the improper handling of a session management file.



rktSNS cross-site scripting vulnerability

2008-05-21T00:00+09:00

rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability.



sHTTPd cross-site scripting vulnerability

2008-05-21T00:00+09:00

sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows.



Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability

2008-05-21T00:00+09:00

Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 (CVE-2007-3375).



KDDI sample CGI download program directory traversal vulnerability

2008-05-21T00:00+09:00

A directory traversal vulnerability exists in a sample CGI download program included with KDDI's EZFactory. A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory traversal vulnerability exists in this program.



Flash Player allows to send arbitrary Referer headers

2008-05-21T00:00+09:00

Flash Player from Adobe is a multimedia and application browser plugin for viewing Adobe Flash contents. Flash Player contains a vulnerability that allows arbitrary Referer headers to be sent.



Nessus report function vulnerable to arbitrary script execution

2008-05-21T00:00+09:00

Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report.



Aruba Mobility Controller Series cross-site scripting vulnerability

2008-05-21T00:00+09:00

Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability. Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens.



Yayoi Kaikei improper handling of credential information

2008-05-21T00:00+09:00

Yayoi Kaikei Quick Navigator sends user credentials unencrypted. Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted.



Safari URL spoofing vulnerability

2008-05-21T00:00+09:00

Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed by default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look similar to ASCII characters as URL strings.



WebCart cross-site scripting vulnerability

2008-05-21T00:00+09:00

WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability.



Apache Tomcat Host Manager cross-site scripting vulnerability

2008-05-21T00:00+09:00

Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. The Host Manager Servlet does not properly filter user-supplied data. This enables a cross-site scripting attack.



Tuigwaa cross-site scripting vulnerability

2008-05-21T00:00+09:00

Tuigwaa, from the Tuigwaa Project, contains a cross-site scripting vulnerability. Tuigwaa from the Tuigwaa Project is open source software to develop web applications. Tuigwaa contains a cross-site scripting vulnerability.



Mayaa cross-site scripting vulnerability

2008-05-21T00:00+09:00

Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability. Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa.



Shopping Basket Pro directory traversal vulnerability

2008-05-21T00:00+09:00

A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE. Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro.



Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting

2008-05-21T00:00+09:00

Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability.



7-ZIP32.DLL buffer overflow vulnerability

2008-05-21T00:00+09:00

7-ZIP32.DLL, a library for compression and decompression supporting 7z, zip, and some other format files, contains a buffer overflow vulnerability. 7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is based on "Integrated Archiver API Specification", and called from the compression/decompression software. 7-ZIP32.DLL contains a buffer overflow vulnerability. If a user decompresses and opens a specially crafted file, a remote attacker could possibly execute arbitrary code with the privilege of the user.



Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal

2008-05-21T00:00+09:00

httpd.pl from Fuktommy.com including an HTML preprocessor contains a directory traversal vulnerability. httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability.



Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code

2008-05-21T00:00+09:00

Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request.



Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files

2008-05-21T00:00+09:00

Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools. Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools.



Lhaplus buffer overflow vulnerability

2008-05-21T00:00+09:00

Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user.



JP1/NETM/DM Manager SQL Injection Vulnerability

2008-05-21T00:00+09:00

JP1/NETM/DM Manager for Windows is vulnerable to SQL injection where a relational database is used as the JP1/NETM/DM database. This could allow attackers to execute arbitrary SQL commands and/or corrupt the database when it receives a malformed request.



Cosminexus javadoc Cross-Site Scripting Vulnerability

2008-05-21T00:00+09:00

The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.



Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java Buffer Overflow Vulnerabilities

2008-05-21T00:00+09:00

Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.



Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities

2008-05-21T00:00+09:00

The image-processing APIs in Cosminexus Developer's Kit for Java are vulnerable to buffer overflow and a Denial of Service (DoS).



Cosminexus Denial of Service Vulnerability

2008-05-21T00:00+09:00

JSSE (Java Secure Socket Extension) in Cosminexus Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.



TPBroker Denial of Service Vulnerability

2008-05-21T00:00+09:00

TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor terminate abnormally when the TSC Domain Manager receives invalid messages.



Cosminexus Agent Process Crash Vulnerability

2008-05-21T00:00+09:00

Cosminexus Agent process may crash when Cosminexus Agent receives specially crafted data from a process other than Cosminexus Manager. The crash doesn't affect the running applications launched by Cosminexus Agent.



Safari allows access from HTTP to HTTPS

2008-05-21T00:00+09:00

Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session. Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain.



Aipo session fixation vulnerability

2008-05-21T00:00+09:00

Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker.



Webmin OS command injection vulnerability

2008-05-21T00:00+09:00

Webmin, a web-based system management tool, contains a vulnerability that allows an unauthorized Webmin user to execute OS commands. Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by entering a specially crafted URL.



PowerArchiver buffer overflow vulnerability

2008-05-21T00:00+09:00

PowerArchiver from ConeXware, Inc. contains a buffer overflow vulnerability. PowerArchiver, file compression/decompression software from ConeXware, Inc. supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, an attacker could execute arbitrary code with the privileges of the user.



Hitachi Web Server SSL Client Authentication Vulnerability

2014-05-23T18:32+09:00

Hitachi Web Server accepts an SSL certificate sent by a client trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authentication client feature is disabled.



Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page

2014-05-21T18:27+09:00

When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-status page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if the server-status reporting feature is disabled.



MouseoverDictionary vulnerable to arbitrary script execution

2008-05-21T00:00+09:00

MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script on the user's web browser as it does not handle the sidebar HTML page properly.



NetCommons cross-site scripting vulnerability

2008-05-21T00:00+09:00

NetCommons from the NetCommons Project contains a cross-site scripting vulnerability. NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This vulnerability is different from JVN#51301450.



Lotus Domino cross-site scripting vulnerability

2008-05-21T00:00+09:00

IBM Lotus Domino contains a cross-site scripting vulnerability. IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability.



Cross-site scripting vulnerability in updir.php in UPDIR.NET

2008-05-21T00:00+09:00

updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions. updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload image files, etc. on the web server and publish and manage the uploaded files. updir.php contains a cross-site scripting vulnerability in the full-text search and file upload functions.



Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution

2008-05-21T00:00+09:00

Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web browser when the search result is displayed.



RoundCube Webmail cross-site request forgery vulnerability

2008-05-21T00:00+09:00

RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines.



Feed2JS cross-site scripting vulnerability

2008-05-21T00:00+09:00

Feed2JS (Feed to JavaScript), an open source web application, contains a cross-site scripting vulnerability. Feed2JS (Feed to JavaScript) is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability.



FileMaker cross-site scripting vulnerability

2008-05-21T00:00+09:00

FileMaker from FileMaker, Inc. contains a cross-site scripting vulnerability. FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web.



Lhaplus buffer overflow vulnerability

2008-05-21T00:00+09:00

Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privileges of the user. This vulnerability is different from JVN#70734805.



SonicStage CP buffer overflow vulnerability

2008-05-21T00:00+09:00

SonicStage CP is vulnerable to buffer overflow. Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension.



JP1/Cm2/Network Node Manager vulnerable to cross-site scripting

2008-05-21T00:00+09:00

Hitachi JP1/Cm2/Network Node Manager (NNM) is vulnerable to cross-site scripting. Hitachi JP1/Cm2/Network Node Manager (NNM) is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting.



HttpLogger vulnerable to cross-site scripting

2008-05-21T00:00+09:00

KLab HttpLogger is vulnerable to cross-site scripting. KLab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting.



Cybozu Office denial of service (DoS) vulnerability

2008-05-21T00:00+09:00

Cybozu Office contains a denial of service (DoS) vulnerability. Cybozu Office, web-based groupware, is vulnerable to a denial of service (DoS) attack because it fails to properly handle specially crafted HTTP requests.



Multiple Cybozu products vulnerable to cross-site scripting

2008-05-21T00:00+09:00

Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.



Multiple Cybozu products vulnerable to HTTP header injection

2008-05-21T00:00+09:00

Multiple Cybozu products are vulnerable to HTTP header injection. Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.