JVNDB RSS Feed - 2006 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry2024-03-24T09:10:24+09:002024-03-24T09:10:24+09:00SquirrelMail cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000251.html
SquirrelMail is a web-based email program provided by the SquirrelMail Project. SquirrelMail contains a cross-site scripting vulnerability as it does not adequately handle HTML email.JVNDB-2006-000251http://jvn.jp/en/jp/JVN83263796/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0195http://secunia.com/advisories/18985/http://www.securityfocus.com/bid/16756http://www.frsirt.com/english/advisories/2006/0689cpe:/a:squirrelmail:squirrelmailcpe:/o:redhat:enterprise_linux2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Sun Java System Web Server cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000293.html
Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page.JVNDB-2006-000293http://jvn.jp/en/jp/JVN03D5EAA8/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2501http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2501http://www.kb.cert.org/vuls/id/114956http://www.securityfocus.com/bid/18035cpe:/a:sun:java_system_application_servercpe:/a:sun:java_system_web_servercpe:/a:sun:one_application_server2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Mozilla Firefox vulnerable to HTTP response splitting
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html
(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.
(2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.JVNDB-2006-000326http://jvn.jp/en/jp/JVN62734622/index.htmlhttp://jvn.jp/en/jp/JVN28513736/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2786http://www.securityfocus.com/bid/18228http://www.frsirt.com/english/advisories/2006/2106cpe:/a:mozilla:firefoxcpe:/a:mozilla:seamonkeycpe:/a:mozilla:thunderbirdcpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:linux_advanced_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Microsoft Internet Explorer address bar spoofing vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000345.html
Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while the spoofed content remains under the control of the remote attacker.JVNDB-2006-000345http://jvn.jp/cert/JVNTA06-164A/index.htmlhttp://jvn.jp/en/jp/JVN74969119/index.htmlhttp://jvn.jp/tr/TRTA06-164A/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2384http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2384http://www.us-cert.gov/cas/alerts/SA06-164A.htmlhttp://www.us-cert.gov/cas/techalerts/TA06-164A.htmlhttp://www.securityfocus.com/bid/18321http://www.frsirt.com/english/advisories/2006/2319cpe:/a:microsoft:internet_explorercpe:/o:microsoft:windows-9xcpe:/o:microsoft:windows_2000cpe:/o:microsoft:windows_server_2003cpe:/o:microsoft:windows_xp2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000392.html
Safe level is a security model provided by Ruby language that limits the operation of untrusted objects. A vulnerability that allows an attacker to bypass the safe level restrictions and execute inaccessible methods (ex. destructive methods) was confirmed.JVNDB-2006-000392http://jvn.jp/en/jp/JVN13947696/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3694http://secunia.com/advisories/21009/http://www.securityfocus.com/bid/18944http://www.frsirt.com/english/advisories/2006/2760https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ruby-lang:rubycpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linux2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Microsoft Windows Indexing Service cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000540.html
Microsoft Windows Indexing Service contains a cross-site scripting vulnerability.JVNDB-2006-000540http://jvn.jp/cert/JVNTA06-255A/http://jvn.jp/en/jp/JVN52201480/index.htmlhttp://jvn.jp/tr/TRTA06-255Ahttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0032http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0032http://www.us-cert.gov/cas/alerts/SA06-255A.htmlhttp://www.kb.cert.org/vuls/id/108884http://www.us-cert.gov/cas/techalerts/TA06-255A.htmlhttp://secunia.com/advisories/21861http://www.securityfocus.com/bid/19927http://www.frsirt.com/english/advisories/2006/3564cpe:/o:microsoft:windows_2000cpe:/o:microsoft:windows_server_2003cpe:/o:microsoft:windows_xp2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Nagasaki Electronic Prefectural Office System vulnerable to bypass authentication
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000599.html
Nagasaki Prefectural Government has developed an open source electronic prefectural office system. Some of the system contain a vulnerability to bypass authentication.JVNDB-2006-000599http://jvn.jp/en/jp/JVN836B21C0/index.htmlcpe:/a:misc:nagasaki_electron_prefecture_of_annual_vacation_systemcpe:/a:misc:nagasaki_electron_prefecture_of_muniment_systemcpe:/a:misc:nagasaki_electron_prefecture_of_web_red_book_systemcpe:/a:misc:nagasaki_electron_prefecture_system_of_integration_main_menu2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Nagasaki Electronic Prefectural Office System authentication information vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000600.html
Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system hardcodes some credential information and a remote attacker could impersonate genuine users.JVNDB-2006-000600http://jvn.jp/en/jp/JVN6CA72ADB/index.htmlcpe:/a:misc:nagasaki_electron_prefecture_of_web_red_book_system2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Eudora Japanese version stops working after the application crashes
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000601.html
Eudora is a mail client from QUALCOMM. The Eudora Japanese version sold by Livedoor contains a vulnerability to crash, caused by previewing an email that has a corrupt image attachment.JVNDB-2006-000601http://jvn.jp/en/jp/JVN73133641/index.htmlcpe:/a:eudora:eudora2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple email clients vulnerable in handling an attachement inapropriately
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000602.html
Some email clients contain a vulnerability which may crash themselves as they do not properly handle an attached file with an particular file name.JVNDB-2006-000602http://jvn.jp/en/jp/JVN89344424/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2087http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2087http://secunia.com/advisories/19840http://xforce.iss.net/xforce/xfdb/26099http://www.frsirt.com/english/advisories/2006/1539http://www.osvdb.org/24969cpe:/a:hitachi:groupmail_clientcpe:/a:hitachi:groupmax_integrated_desktopcpe:/a:hitachi:groupmax_world_wide_web_desktopcpe:/a:hitachi:mail_client2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hatena Toolbar sends URL information unecnrypted
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000603.html
Hatena Toolbar improperly sends URL information to the Hatena server without being encrypted when a user views a web page secured by SSL.JVNDB-2006-000603http://jvn.jp/en/jp/JVN77886599/index.htmlcpe:/a:hatena:toolbar2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Nagasaki Electronic Prefectural Office System SQL injection vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000604.html
Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities.JVNDB-2006-000604http://jvn.jp/en/jp/JVN41550845/index.htmlcpe:/a:misc:nagasaki_electron_prefecture_of_annual_vacation_systemcpe:/a:misc:nagasaki_electron_prefecture_of_muniment_systemcpe:/a:misc:nagasaki_electron_prefecture_of_web_red_book_system2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hyper NIKKI System allows unauthorized email submission
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000605.html
Hyper NIKKI System (hns) is web log software from the Hyper NIKKI System Project. hns allows unauthorized email submission as it does not validate inputs properly.JVNDB-2006-000605http://jvn.jp/en/jp/JVN65542239/index.htmlcpe:/a:hns:hns2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000606.html
The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2.JVNDB-2006-000606http://jvn.jp/en/jp/JVN27365476/index.htmlcpe:/a:misc:minnus_filer22008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00CAFEMILK Shopping Cart CGI cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000609.html
CAFEMILK Shopping Cart CGI contains a cross-site scripting vulnerability as it does not properly validate input strings.JVNDB-2006-000609http://jvn.jp/en/jp/JVN78363061/index.htmlcpe:/a:misc:cafemilk_shopping_cart2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00QUICK CART OS command injection vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000610.html
QUICK CART is a shopping cart system that provides functionalities used for managing an Internet store.
An OS command injection vulnerability exists in QUICK CART as it does not properly validate the user input.JVNDB-2006-000610http://jvn.jp/en/jp/JVN10222000/index.htmlcpe:/a:misc:quick_cart2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00QUICK CART cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000611.html
QUICK CART is a shopping cart system for building Internet shop sites.
QUICK CART contains a cross-site scripting vulnerability as it does not validate inputs properly.JVNDB-2006-000611http://jvn.jp/en/jp/JVN68630618/index.htmlcpe:/a:misc:quick_cart2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00FreeStyleWiki cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000612.html
FreeStyleWiki, a Wiki clone program implemented in Perl, contains a cross-site scripting vulnerability.JVNDB-2006-000612http://jvn.jp/en/jp/JVN35274905/index.htmlcpe:/a:fswiki:wiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Trac cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000613.html
Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability.JVNDB-2006-000613http://jvn.jp/en/jp/JVN84091359/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2106http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2106http://secunia.com/advisories/19870http://www.securityfocus.com/bid/17741http://securitytracker.com/id?1015986http://www.frsirt.com/english/advisories/2006/1557cpe:/a:misc:interact_traccpe:/a:trac:trac2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Winny buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000614.html
Winny, P2P file-sharing (exchange) software, contains a buffer overflow vulnerability.
As of May 25, 2006, exploit information is publicly available. Currently we are not aware of any attacks. It is recommended that users avoid using Winny.JVNDB-2006-000614http://jvn.jp/en/jp/JVN74294680/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2007http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2007http://www.kb.cert.org/vuls/id/167033http://secunia.com/advisories/19795http://www.securityfocus.com/bid/17666http://www.frsirt.com/english/advisories/2006/1486http://www.osvdb.org/24883cpe:/a:winny:winny2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Apache Struts Validator allows to bypass input data validation
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000615.html
Apache Struts is a Web application framework from the Apache Software Foundation.
Apache Struts contains a vulnerability allowing to bypass input data validation by the Validator.JVNDB-2006-000615http://jvn.jp/en/jp/JVN72225922/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1546http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1546http://secunia.com/advisories/19493http://www.securityfocus.com/bid/17342http://securitytracker.com/id?1015856http://www.frsirt.com/english/advisories/2006/1205cpe:/a:apache:strutscpe:/a:nec:openmeister_enterprise2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00DonutP and UnDonut confirmation dialog display vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000616.html
DonutP and its successor, unDonut, are IE-based tabbed web browsers. In DonutP and old versions of unDonut, Donut.P API does not require explicit user consent. Therefore DonutP and unDonut contain a vulnerability which may allow an attacker to execute a cross-site scripting and other attacks.
DonutP.API is disabled by default, so this vulnerability only affects users who have activated it.
In unDonut release10-beta-2 and later versions, the function displaying a dialog when a script is executed is enabled by default, and it requires an user's confirmation whether the script should be executed or not.
Users of DonutP or old versions of unDonut are recommended to upgrade to the latest version of unDonut. Users are also recommended to enable the confirmation dialog display function when a script is to be executed.JVNDB-2006-000616http://jvn.jp/en/jp/JVN7F8621DE/index.htmlcpe:/a:misc:undonut_donutpcpe:/a:misc:undonut_undonut2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000617.html
Some email clients contain a vulnerability when handling an attached file with a file name using unicode. This may result in a directory traversal attack or displaying a file name diffrently from the actual file name.JVNDB-2006-000617http://jvn.jp/en/jp/JVN84775942/index.htmlcpe:/a:misc:pasericpe:/a:ricoh:ridoc_document_routercpe:/a:rimarts_inc.:becky_internet_mail2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00MyWeb SQL injection vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000619.html
Groupware MyWeb contains a SQL injection vulnerability.JVNDB-2006-000619http://jvn.jp/en/jp/JVN55425662/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2517http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2517http://secunia.com/advisories/20178http://xforce.iss.net/xforce/xfdb/26622http://securitytracker.com/id?1016133http://www.frsirt.com/english/advisories/2006/1898cpe:/a:fujitsu:myweb2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00RWiki arbitrary Ruby script execution vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000620.html
RWiki, one of Wiki clones, contains a vulnerability allowing execution of arbitrary Ruby scripts on its edit mode page.JVNDB-2006-000620http://jvn.jp/en/jp/JVN46691257/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2582http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2582http://secunia.com/advisories/20264http://xforce.iss.net/xforce/xfdb/26668http://www.frsirt.com/english/advisories/2006/1949cpe:/a:rwiki:rwiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00RWiki cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000621.html
RWiki, software written in Ruby providing Wiki functions, contains a cross-site scripting vulnerability, as content is not adequately escaped for display.JVNDB-2006-000621http://jvn.jp/en/jp/JVN16558862/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2581http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2581http://secunia.com/advisories/20264http://xforce.iss.net/xforce/xfdb/26664http://www.frsirt.com/english/advisories/2006/1949cpe:/a:rwiki:rwiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00dotProject cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000622.html
dotProject, an open source project management tool, contains a cross-site scripting vulnerability.
As of June 5, 2006, it is confirmed that Internet Explorer is affected by this vulnerability. It is also confirmed that Mozilla Firefox and Opera are not affected by this vulnerability.JVNDB-2006-000622http://jvn.jp/en/jp/JVN97636431/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2851http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2851http://secunia.com/advisories/20418http://www.securityfocus.com/bid/18275http://www.frsirt.com/english/advisories/2006/2124cpe:/a:dotproject:dotproject2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Joomla! cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000623.html
Joomla!, an open source content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000623http://jvn.jp/en/jp/JVN79484135/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3481http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3481http://secunia.com/advisories/20874/http://www.securityfocus.com/bid/18742http://www.frsirt.com/english/advisories/2006/2608http://www.osvdb.org/26912cpe:/a:joomla:joomla2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00CGI RESCUE WebFORM allows unauthorized email transmission
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000624.html
WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.
According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.JVNDB-2006-000624http://jvn.jp/en/jp/JVN39570254/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2944http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2944http://secunia.com/advisories/20515http://www.securityfocus.com/bid/18434http://www.frsirt.com/english/advisories/2006/2234cpe:/a:cgi_rescue:form2mail2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00CGI RESCUE WebFORM allows unauthorized email transmission
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html
WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.
According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.JVNDB-2006-000625http://jvn.jp/en/jp/JVN39570254/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2943http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2943http://secunia.com/advisories/20515http://www.securityfocus.com/bid/18434http://www.frsirt.com/english/advisories/2006/2234cpe:/a:cgi_rescue:webform2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00dotProject cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000626.html
dotProject, an open source project management tool, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#97636431.JVNDB-2006-000626http://jvn.jp/en/jp/JVN39188922/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3240http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3240http://secunia.com/advisories/20822http://www.securityfocus.com/bid/18650http://xforce.iss.net/xforce/xfdb/27585http://www.frsirt.com/english/advisories/2006/2509https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:dotproject:dotproject2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Phorum cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000627.html
Phorum, an open source message board system, contains a cross-site scripting vulnerability.JVNDB-2006-000627http://jvn.jp/en/jp/JVN76207423/index.htmlcpe:/a:phorum:phorum2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Wiki clone products vulnerable to denial of service attacks
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000628.html
Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request.JVNDB-2006-000628http://jvn.jp/en/jp/JVN98836916/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3380http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3380http://secunia.com/advisories/20875http://www.frsirt.com/english/advisories/2006/2644http://www.osvdb.org/26975cpe:/a:fswiki:wiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Wiki clone products vulnerable to denial of service attacks
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000629.html
Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request.JVNDB-2006-000629http://jvn.jp/en/jp/JVN98836916/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3379http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3379http://secunia.com/advisories/20741http://www.securityfocus.com/bid/18785http://xforce.iss.net/xforce/xfdb/27507http://www.frsirt.com/english/advisories/2006/2643http://www.osvdb.org/26970cpe:/a:hiki:hiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Wiki clone products vulnerable to denial of service attacks
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000630.html
Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request.JVNDB-2006-000630http://jvn.jp/en/jp/JVN98836916/index.htmlcpe:/a:misc:wiki_modoki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00ACollab SQL injection vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000631.html
ACollab is open source web-based groupware and is also available as an add-on for e-learning content management system ATutor. ACollab contains a SQL injection vulnerability.JVNDB-2006-000631http://jvn.jp/en/jp/JVN73705637/index.htmlcpe:/a:adaptive_technology_resource_centre:acollab2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00ATutor cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000632.html
ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000632http://jvn.jp/en/jp/JVN44846612/index.htmlcpe:/a:adaptive_technology_resource_centre:atutor2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00ServerView cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000633.html
ServerView, server-monitoring software included with Fujitsu servers, contains a cross-site scripting vulnerability.JVNDB-2006-000633http://jvn.jp/en/jp/JVN76686161/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3579http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3579http://secunia.com/advisories/21011http://osvdb.org/displayvuln.php?osvdb_id=27105https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:serverview2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00ServerView directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000634.html
ServerView, server monitoring software included in Fujitsu servers, contains a directory traversal vulnerability.JVNDB-2006-000634http://jvn.jp/en/jp/JVN73368472/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3578http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3578http://secunia.com/advisories/21011http://osvdb.org/displayvuln.php?osvdb_id=27106cpe:/a:fujitsu:serverview2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Geeklog cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000635.html
Geeklog, an open source content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000635http://jvn.jp/en/jp/JVN81108784/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3756http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3756http://secunia.com/advisories/21094http://www.frsirt.com/english/advisories/2006/2865https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:geeklog:geeklog2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Loudblog cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000636.html
Loudblog, an open source content management system used for podcasting, etc., contains a cross-site scripting vulnerability.JVNDB-2006-000636http://jvn.jp/en/jp/JVN92975133/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3820http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3820http://secunia.com/advisories/21098http://www.securityfocus.com/bid/19082http://xforce.iss.net/xforce/xfdb/27849http://www.frsirt.com/english/advisories/2006/2901cpe:/a:loudblog:loudblog2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00QwikiWiki cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000637.html
QwikiWiki, one of Wiki clones, contains a cross-site scripting vulnerability.JVNDB-2006-000637http://jvn.jp/en/jp/JVN62307185/index.htmlcpe:/a:david_barrett:qwikiwiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Dokeos cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000638.html
Dokeos, an open source e-learning content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000638http://jvn.jp/en/jp/JVN27794427/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3924http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3924http://secunia.com/advisories/21239http://www.securityfocus.com/bid/19210https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:dokeos:dokeos2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Pixelpost cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000639.html
Pixelpost, an open source content management system used for photo albums, etc., contains a cross-site scripting vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2006-000639http://jvn.jp/en/jp/JVN65677118/index.htmlcpe:/a:pixelpost:pixelpost2008-06-10T13:57+09:002008-06-10T13:57+09:002008-06-10T13:57+09:00Drupal cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000640.html
Drupal, an open source content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000640http://jvn.jp/en/jp/JVN82240092/index.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4002http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4002http://secunia.com/advisories/21332/http://www.frsirt.com/english/advisories/2006/3138cpe:/a:drupal:drupal2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Kiri directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000641.html
Database software Kiri contains a directory traversal vulnerability in its email analysis command.JVNDB-2006-000641http://jvn.jp/en/jp/JVN62171179/index.htmlcpe:/a:misc:kanrikogaku_kiri2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:0004WebServer cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000642.html
04WebServer, open source web server software, contains a cross-site scripting vulnerability.JVNDB-2006-000642http://jvn.jp/en/jp/JVN02091617/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4199http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4199http://secunia.com/advisories/21504http://www.securityfocus.com/bid/19496http://xforce.iss.net/xforce/xfdb/28354cpe:/a:soft3304:04webserver2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:0004WebServer directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000643.html
04WebServer, an open source web server, contains a vulnerability allowing directory traversal bypassing user authentication.JVNDB-2006-000643http://jvn.jp/en/jp/JVN27428836/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4200http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4200http://secunia.com/advisories/21504http://www.securityfocus.com/bid/19496http://xforce.iss.net/xforce/xfdb/28355cpe:/a:soft3304:04webserver2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00NetCommons cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000644.html
NetCommons is an open source content management system, combining e-learning and groupware functionality. NetCommons is developed and distributed by the NetCommons Project. NetCommons contains a cross-site scripting vulnerability.JVNDB-2006-000644http://jvn.jp/en/jp/JVN51301450/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4165http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4165http://secunia.com/advisories/21445http://www.securityfocus.com/bid/19497http://xforce.iss.net/xforce/xfdb/28351cpe:/a:netcommons:netcommons2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Owl SQL injection vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000646.html
Owl, an open source document management and publishing system, contains an SQL injection vulnerability.JVNDB-2006-000646http://jvn.jp/en/jp/JVN39103264/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4212http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4212http://secunia.com/advisories/21519http://www.securityfocus.com/bid/19552http://xforce.iss.net/xforce/xfdb/28404http://www.frsirt.com/english/advisories/2006/3285cpe:/a:b0zz_and_chris_vincent:owl_intranet_engine2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Owl cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000647.html
Owl, an open source document management and publishing system, contains a cross-site scripting vulnerability.JVNDB-2006-000647http://jvn.jp/en/jp/JVN01137722/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4211http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4211http://secunia.com/advisories/21519http://www.securityfocus.com/bid/19552http://xforce.iss.net/xforce/xfdb/28403http://www.frsirt.com/english/advisories/2006/3285cpe:/a:b0zz_and_chris_vincent:owl_intranet_engine2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00mail f/w system vulnerable to allow unauthorized email transmissionk
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000648.html
mail f/w system is software that enables the the emailing of the contents of a form.
A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers.JVNDB-2006-000648http://jvn.jp/en/jp/JVN11048526/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4344http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4344http://secunia.com/advisories/21543http://www.securityfocus.com/bid/19676http://www.frsirt.com/english/advisories/2006/3359http://www.osvdb.org/28131cpe:/a:cgi_rescue:mail_f_w_system2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cybozu Office 6 information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000649.html
A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information.
Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.JVNDB-2006-000649http://jvn.jp/en/jp/JVN31125599/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4492http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4492http://secunia.com/advisories/21623http://www.osvdb.org/28263cpe:/a:cybozu:ag_pocketcpe:/a:cybozu:cybozu_agcpe:/a:cybozu:garooncpe:/a:cybozu:officecpe:/a:cybozu:share3602008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cybozu products vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000650.html
Multiple Cybozu products contain a directory traversal vulnerability.
JVNDB-2006-000650http://jvn.jp/en/jp/JVN90420168/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4490http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4490http://secunia.com/advisories/21623http://xforce.iss.net/xforce/xfdb/28591http://securitytracker.com/id?1016759http://osvdb.org/displayvuln.php?osvdb_id=28261http://osvdb.org/displayvuln.php?osvdb_id=28262cpe:/a:cybozu:officecpe:/a:cybozu:share3602008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cybozu products vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000651.html
Multiple Cybozu products contain a directory traversal vulnerability.JVNDB-2006-000651http://jvn.jp/en/jp/JVN90420168/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4491http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4491http://secunia.com/advisories/21656http://securitytracker.com/id?1016759http://www.osvdb.org/28262cpe:/a:cybozu:ag_pocketcpe:/a:cybozu:collaborexcpe:/a:cybozu:cybozu_agcpe:/a:cybozu:garooncpe:/a:cybozu:mailwise2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00MDPro cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000652.html
MDPro, an open source content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000652http://jvn.jp/en/jp/JVN46630603/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4964http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4964http://secunia.com/advisories/22050http://www.securityfocus.com/bid/20133http://www.frsirt.com/english/advisories/2006/3732cpe:/a:maxdev:mdpro2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Movable Type vulnerabile to cross-site scripting
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000653.html
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability in its search module.JVNDB-2006-000653http://jvn.jp/en/jp/JVN68295640/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5080http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5080http://secunia.com/advisories/22109/http://www.securityfocus.com/bid/20228http://xforce.iss.net/xforce/xfdb/29183http://www.frsirt.com/english/advisories/2006/3779http://www.osvdb.org/29177https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00SugarCRM cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000654.html
SugarCRM, an open source CRM (Customer Relationship Management) package, contains a cross-site scripting vulnerability.JVNDB-2006-000654http://jvn.jp/en/jp/JVN30144870/index.htmlcpe:/a:sugarcrm:sugarcrm2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00TeraStation HD-HTGL series cross-site request forgery vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000665.html
TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgety (CSRF) vulnerability.JVNDB-2006-000665http://jvn.jp/en/jp/JVN93484133/index.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5175http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5175http://secunia.com/advisories/22248/http://xforce.iss.net/xforce/xfdb/29338http://www.frsirt.com/english/advisories/2006/3891https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:buffalo_inc:terastation_hd-htgl_firmware2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Kmail CGI authentication bypass vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000695.html
Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability.JVNDB-2006-000695http://jvn.jp/en/jp/JVN41241092/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7111http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7111http://secunia.com/advisories/22351/http://www.securityfocus.com/bid/20506http://osvdb.org/displayvuln.php?osvdb_id=29788cpe:/a:futomis_cgi_cafe:kmail_cgi2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ichitaro buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000734.html
Ichitaro, word-processing software contains a buffer overflow vulnerability.JVNDB-2006-000734http://jvn.jp/en/jp/JVN90815371/index.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5424http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5424http://secunia.com/advisories/22386/http://www.securityfocus.com/bid/20610http://www.frsirt.com/english/advisories/2006/4092https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitaro2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00NEC MultiWriter 1700C web server authentication bypass vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000736.html
Certain NEC printers have build-in web servers. They contain a vulnerability, where unauthorized users could change the system configuration.JVNDB-2006-000736http://jvn.jp/en/jp/JVN63999575/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6946http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6946cpe:/h:nec:nec_multiwritercpe:/h:nec:network_expansion_card_pr-l1700c-mc2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00NEC MultiWriter 1700C/7500C FTP server vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000737.html
NEC printers contain a vulnerability which allow connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server.JVNDB-2006-000737http://jvn.jp/en/jp/JVN85996645/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6947http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6947cpe:/h:nec:nec_colormultiwritercpe:/h:nec:nec_multiwritercpe:/h:nec:network_expansion_card_pr-l1700c-mc2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00desknet's buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000742.html
desknet's, web-based groupware, contains a buffer overflow vulnerability.JVNDB-2006-000742http://jvn.jp/en/jp/JVN07235355/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5593http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5593http://secunia.com/advisories/22456http://xforce.iss.net/xforce/xfdb/29758http://www.frsirt.com/english/advisories/2006/4163cpe:/a:neo_japan:desknets2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ruby cgi.rb Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000753.html
The cig.rb class in Ruby cannot handle HTTP requests with MIME multipart data set with an invalid boundry, which could trigger an infinate loop and result in consuming a large amount of CPU respurces.
JVNDB-2006-000753http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5467http://secunia.com/advisories/13123/http://www.securityfocus.com/bid/20777http://www.frsirt.com/english/advisories/2006/4244cpe:/a:ruby-lang:rubycpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:turbolinux:turbolinuxcpe:/o:turbolinux:turbolinux_appliance_servercpe:/o:turbolinux:turbolinux_desktopcpe:/o:turbolinux:turbolinux_fujicpe:/o:turbolinux:turbolinux_homecpe:/o:turbolinux:turbolinux_multimediacpe:/o:turbolinux:turbolinux_personalcpe:/o:turbolinux:turbolinux_server2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00MyODBC Japanese Conversion Edition denial of service vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000758.html
MyODBC is an ODBC driver that allows ODBC-compliant applications to communicate with a MySQL database. MyODBC Japanese Conversion Edition is a Windows version of the driver with additional Japanese encoding functionality released from SoftAgency.
MyODBC Japanese Conversion Edition contains a vulnerability which allows an attacker to cause a denial of service condition on a vulnerable server by sending a certain string as a response to a MySQL database.JVNDB-2006-000758http://jvn.jp/en/jp/JVN30994815/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6948http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6948https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:myodbc:myodbc_japanese_transformation_function2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hyper NIKKI System cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000760.html
Hyper NIKKI System (hns), web log software from the Hyper NIKKI System Project, contains a cross-site scripting vulnerability.JVNDB-2006-000760http://jvn.jp/en/jp/JVN88325166/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5774http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5774http://secunia.com/advisories/22697/http://www.securityfocus.com/bid/20949http://xforce.iss.net/xforce/xfdb/30040cpe:/a:hns:hns2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Kahua vulnerable in allowing to share login sessions
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000771.html
Kahua is an open source application development and runtime environment server.
Kahua contains a vulnerability which allows the sharing of sessions among multiple applications which are referring to different user databases.JVNDB-2006-000771http://jvn.jp/en/jp/JVN34522909/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5932http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5932http://secunia.com/advisories/22785http://xforce.iss.net/xforce/xfdb/30206http://www.frsirt.com/english/advisories/2006/4486cpe:/a:kahua:kahua2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Nucleus cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000777.html
Nucleus, an open source content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000777http://jvn.jp/en/jp/JVN84656399/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6920http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6920http://secunia.com/advisories/22843http://www.securityfocus.com/bid/21104http://xforce.iss.net/xforce/xfdb/30254http://securitytracker.com/id?1017220http://www.frsirt.com/english/advisories/2006/4495cpe:/a:nucleus_cms:nucleus2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00EC-CUBE cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000781.html
EC-CUBE, an open source system for creating shopping websites, contains a cross-site scripting vulnerability.JVNDB-2006-000781http://jvn.jp/en/jp/JVN61543834/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6108http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6108http://www.ipa.go.jp/security/vuln/documents/2009/200907_ec-cube.htmlhttp://secunia.com/advisories/22925http://www.securityfocus.com/bid/21146http://xforce.iss.net/xforce/xfdb/30526http://securitytracker.com/id?1017277http://www.frsirt.com/english/advisories/2006/4583https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00eyeOS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000784.html
eyeOS, an open source web desktop environment (Web OS), contains a cross-site scripting vulnerability.
This vulnerability has been addressed in eyeOS 0.9.0 and later. Other vulnerabilities are also addressed in the latest version. We recommend that the users upgrade to the latest version provided by the vendor.JVNDB-2006-000784http://jvn.jp/en/jp/JVN46244305/index.htmlcpe:/o:eyeos:eyeos2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00phpComasy cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000791.html
phpComasy, an open source content management system, contains a cross-site scripting vulnerability.JVNDB-2006-000791http://jvn.jp/en/jp/JVN57280612/index.htmlcpe:/a:phpcomasy:phpcomasy2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00tDiary cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000792.html
tDiary, a weblog system from the tDiary development project, contains a cross-site scripting vulnerability.JVNDB-2006-000792http://jvn.jp/en/jp/JVN47223461/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6174http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6174http://secunia.com/advisories/23092/http://www.securityfocus.com/bid/21321http://www.frsirt.com/english/advisories/2006/4722cpe:/a:tdiary:tdiary2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Blogn cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000802.html
Blogn, a script for the creation of blogs from R-ONE, contains a cross-site scripting vulnerability.JVNDB-2006-000802http://jvn.jp/en/jp/JVN21125043/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6176http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6176http://secunia.com/advisories/23126/http://www.securityfocus.com/bid/21347http://xforce.iss.net/xforce/xfdb/30565http://www.frsirt.com/english/advisories/2006/4768cpe:/a:blogn:blogn2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Chama Cargo cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000803.html
Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability.JVNDB-2006-000803http://jvn.jp/en/jp/JVN08494205/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6249http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6249http://secunia.com/advisories/23149http://www.securityfocus.com/bid/21361http://xforce.iss.net/xforce/xfdb/30622http://www.frsirt.com/english/advisories/2006/4780cpe:/a:chama:chama_cargo2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Denial of service vulnerability in Ruby CGI library (cgi.rb)
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000808.html
cgi.rb, a standard library in Ruby, contains a denial of service vulnerability.
This vulnerability is different from CVE-2006-5467.JVNDB-2006-000808http://jvn.jp/en/jp/JVN84798830/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6303http://secunia.com/advisories/13123/http://www.securityfocus.com/bid/21441http://xforce.iss.net/xforce/xfdb/30734http://securitytracker.com/id?1017363http://www.frsirt.com/english/advisories/2006/4855http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000808.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ruby-lang:rubycpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:turbolinux:turbolinuxcpe:/o:turbolinux:turbolinux_appliance_servercpe:/o:turbolinux:turbolinux_desktopcpe:/o:turbolinux:turbolinux_fujicpe:/o:turbolinux:turbolinux_homecpe:/o:turbolinux:turbolinux_multimediacpe:/o:turbolinux:turbolinux_personalcpe:/o:turbolinux:turbolinux_server2008-11-14T12:20+09:002008-05-21T00:00+09:002008-11-14T12:20+09:00TikiWiki cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000809.html
TikiWiki, one of Wiki clones, contains a cross-site scripting vulnerability.JVNDB-2006-000809http://jvn.jp/en/jp/JVN38746816/index.htmlcpe:/a:tiki:tikiwiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hanako buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000812.html
Hanako, graphics authoring software from Justsystems, contains a buffer overflow vulnerability.JVNDB-2006-000812http://jvn.jp/en/jp/JVN47272891/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6400http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6400http://secunia.com/advisories/23185/http://www.securityfocus.com/bid/21445http://securitytracker.com/id?1017336http://www.frsirt.com/english/advisories/2006/4857https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:hanakocpe:/a:justsystems:hanako_viewer2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Shobo Shobo Nikki System (sns) cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000816.html
Shobo Shobo Nikki System (sns), weblog scripts provided by Project Amateras, contains a cross-site scripting vulnerability.JVNDB-2006-000816http://jvn.jp/en/jp/JVN34830904/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6413http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6413http://secunia.com/advisories/23257http://www.securityfocus.com/bid/21489http://www.frsirt.com/english/advisories/2006/4902cpe:/a:amateras:amateras_sns2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00SugarCRM cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000849.html
SugarCRM, open source CRM (Customer Relationship Management) software, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#30144870.JVNDB-2006-000849http://jvn.jp/en/jp/JVN74079537/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6712http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6712http://secunia.com/advisories/23424http://www.securityfocus.com/bid/21694http://securitytracker.com/id?1017434http://www.frsirt.com/english/advisories/2006/5100cpe:/a:sugarcrm:sugarcrm2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00a-blog cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000850.html
a-blog, a server-based blog tool from appleple, Inc. contains a cross-site scripting vulnerability.JVNDB-2006-000850http://jvn.jp/en/jp/JVN78520316/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6729http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6729http://secunia.com/advisories/23444http://www.frsirt.com/english/advisories/2006/5129cpe:/a:appleple:appleple_a-blog2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00pnamazu cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000851.html
pnamazu, the Perl version program of the full-text search engine Namazu, contains a cross-site scripting vulnerability.JVNDB-2006-000851http://jvn.jp/en/jp/JVN02729869/index.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6782http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6782http://secunia.com/advisories/23507/http://www.securityfocus.com/bid/21759http://securitytracker.com/id?1017446http://www.frsirt.com/english/advisories/2006/5165cpe:/a:pnamazu:pnamazu2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Joomla! cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000852.html
Joomla!, an open source content management system, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#79484135.JVNDB-2006-000852http://jvn.jp/en/jp/JVN45006961/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6832http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6833http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6833http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6832http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6833http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6834http://secunia.com/advisories/23563http://www.securityfocus.com/bid/21810http://www.frsirt.com/english/advisories/2006/5202https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:joomla:joomla2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00tDiary arbitrary Ruby script execution vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000853.html
tDiary is weblog software maintained by the tDiary development project.
tDiary contains a vulnerability which allows a remote attacker to execute arbitrary Ruby scripts on a vulnerable system.JVNDB-2006-000853http://jvn.jp/en/jp/JVN31185550/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6852http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6852http://secunia.com/advisories/23465/http://www.securityfocus.com/bid/21811http://www.frsirt.com/english/advisories/2006/5201https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tdiary:tdiary2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000858.html
Safe levels exist as a part of the Ruby language security model, in order to limit the operation of untrusted objects. Ruby contains a vulnerability which may allow an attacker to bypass the safe level restrictions and execute normally inaccessible methods, due to a problem in Ruby's alias function.JVNDB-2006-000858http://jvn.jp/en/jp/JVN83768862/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3694http://secunia.com/advisories/21009/http://www.securityfocus.com/bid/18944http://www.frsirt.com/english/advisories/2006/2760https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ruby-lang:rubycpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linux2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Webmin directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html
Webmin is a web-based system management tool.
Webmin contains a directory traversal vulnerability which allows to bypass authentication.
As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.JVNDB-2006-000938http://jvn.jp/en/jp/JVN67974490/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3274http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3274http://secunia.com/advisories/20777http://www.securityfocus.com/bid/18613http://xforce.iss.net/xforce/xfdb/27366http://securitytracker.com/id?1016375http://www.frsirt.com/english/advisories/2006/2493cpe:/a:webmin:usermincpe:/a:webmin:webmin2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple vulnerabilities in Webmin and Usermin
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000939.html
Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:
- Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions
- Cross-site scripting
We are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to "Development Versions of Webmin and Usermin" on the vendor's website for information on the latest versions of the software.JVNDB-2006-000939http://jvn.jp/en/jp/JVN99776858/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4542http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4542http://secunia.com/advisories/21690http://secunia.com/advisories/22114http://www.securityfocus.com/bid/19820http://xforce.iss.net/xforce/xfdb/28699http://securitytracker.com/id?1016776http://securitytracker.com/id?1016777http://www.frsirt.com/english/advisories/2006/3424cpe:/a:webmin:usermincpe:/a:webmin:webmincpe:/o:misc:miraclelinux_asianux_server2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hitachi Soumu Workflow Authentication Bypassing Vulnerability
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000975.html
Hitachi Soumu Workflow template files contain vulnerabilities that could be exploited to bypass authentication mechanisms.JVNDB-2006-000975http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6705http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6705http://secunia.com/advisories/23399http://www.securityfocus.com/bid/21709http://xforce.iss.net/xforce/xfdb/31031http://www.frsirt.com/english/advisories/2006/5114cpe:/a:hitachi:koukyoumuke_soumu_workflowcpe:/a:hitachi:soumu_workflow2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00JP1 Request Handling Denial of Service Vulnerabilities
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000983.html
Hitachi JP1 products fails to handle unexpected requests and data, which could be exploited to cause a denial of service condition.JVNDB-2006-000983http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2068http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2068http://secunia.com/advisories/19841http://www.securityfocus.com/bid/17706http://xforce.iss.net/xforce/xfdb/26087http://www.frsirt.com/english/advisories/2006/1524cpe:/a:hitachi:cm2_network_node_managercpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_2cpe:/a:hitachi:job_management_partner_1_basecpe:/a:hitachi:jp1_automatic_job_management_system_2cpe:/a:hitachi:jp1_basecpe:/a:hitachi:jp1_cm2_extensible_agentcpe:/a:hitachi:jp1_cm2_hierarchical_agentcpe:/a:hitachi:jp1_cm2_network_node_managercpe:/a:hitachi:jp1_cm2_operations_assistcpe:/a:hitachi:jp1_cm2_submanagercpe:/a:hitachi:jp1_file_access_controlcpe:/a:hitachi:jp1_performance_managementcpe:/a:hitachi:jp1_pfm_snmp_system_observercpe:/a:hitachi:jp1_security_integrated_managercpe:/a:hitachi:jp1_serverconductor_blade_server_managercpe:/a:hitachi:jp1_serverconductor_deployment_managercpe:/a:hitachi:jp1_serverconductor_server_managercpe:/a:hitachi:jp1_server_system_observercpe:/a:hitachi:serverconductor_blade_server_managercpe:/a:hitachi:serverconductor_deployment_managercpe:/a:hitachi:serverconductor_server_managercpe:/a:hitachi:system_manager2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple Vulnerabilities Concerning Hitachi Web Server
https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html
Hitachi Web Server has vulnerabilities listed below:
1. A vulnerability that allows to roll back the Open SSL version when using the SSL.
2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server.
3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.JVNDB-2006-000992http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000992.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_server_enterprisecpe:/a:hitachi:cosminexus_application_server_standardcpe:/a:hitachi:cosminexus_application_server_version_5cpe:/a:hitachi:cosminexus_developer_light_version_6cpe:/a:hitachi:cosminexus_developer_professional_version_6cpe:/a:hitachi:cosminexus_developer_standard_version_6cpe:/a:hitachi:cosminexus_developer_version_5cpe:/a:hitachi:cosminexus_server_-_enterprise_editioncpe:/a:hitachi:cosminexus_server_-_standard_editioncpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4cpe:/a:hitachi:cosminexus_server_-_web_editioncpe:/a:hitachi:cosminexus_server_-_web_edition_version_4cpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_smart_editioncpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_lightcpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2014-05-22T18:03+09:002009-02-04T17:42+09:002014-05-22T18:03+09:00