JVNDB RSS Feed - 2007 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-17T09:10:23+09:00 2024-03-17T09:10:23+09:00

Serene Bach cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000006.html
Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability.
JVNDB-2007-000006
http://jvn.jp/en/jp/JVN65500885/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0137
http://secunia.com/advisories/23623/
http://www.securityfocus.com/bid/21884
http://xforce.iss.net/xforce/xfdb/31302
http://securitytracker.com/id?1017470
http://www.frsirt.com/english/advisories/2007/0065
cpe:/a:serendipitynz:sb
cpe:/a:serendipitynz:serene_bach
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Drupal cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000070.html
Drupal, an open source content management system, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#82240092.
JVNDB-2007-000070
http://jvn.jp/en/jp/JVN13939411/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0136
http://xforce.iss.net/xforce/xfdb/31311
cpe:/a:drupal:drupal
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Fresh Reader RSS feed cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000071.html
Fresh Reader from sidefeed, Inc. is a server-side web application that manages RSS information. Fresh Reader contains an RSS feed cross-site scripting vulnerability.
JVNDB-2007-000071
http://jvn.jp/en/jp/JVN95249468/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0362
http://secunia.com/advisories/23806
http://www.frsirt.com/english/advisories/2007/0241
cpe:/a:freshreader:freshreader
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Movable Type cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000073.html
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#68295640.
JVNDB-2007-000073
http://jvn.jp/en/jp/JVN32985115/index.html
cpe:/a:sixapart:movabletype
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

phpAdsNew cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000074.html
phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability.
Note that phpAdsNew is now called "Openads."
The products listed below use the same module as phpAdsNew and are therefore also affected by the vulnerability.
- phpPgAds 2.0.9-pr1 and earlier
- Max Media Manager v0.1.29-rc and earlier
- Max Media Manager v0.3.30-alpha and earlier
All users of these products are encouraged to update to the latest versions provided by the developer.
The updated versions of each product are listed below:
- The updated version of phpAdsNew 2.0.9-pr1 is Openads 2.0.10.
- The updated version of phpPgAds 2.0.9-pr1 is Openads for PostgreSQL 2.0.10.
- The updated version of Max Media Manager v0.1.29-rc and v0.3.30-alpha is Openads 2.3.31.
JVNDB-2007-000074
http://jvn.jp/en/jp/JVN07274813/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0477
cpe:/a:openads:openads
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

CGI RESCUE WebFORM vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html
WebFORM, released by CGI RESCUE, is software that allows the contents of an HTML form to be emailed. WebFORM contains an HTTP header injection vulnerability, which is caused by improper processing of HTTP header output.
JVNDB-2007-000085
http://jvn.jp/en/jp/JVN05088443/index.html
cpe:/a:cgi_rescue:webform
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

CGI RESCUE WebFORM vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html
WebFORM, released by CGI RESCUE, is a CGI script written in Perl that allows a user to send email messages via an HTML form. WebFORM contains a cross-site scripting vulnerability.
JVNDB-2007-000086
http://jvn.jp/en/jp/JVN05123538/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0547
http://secunia.com/advisories/23913/
cpe:/a:cgi_rescue:webform
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

CGI RESCUE WebFORM missing mail content vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html
WebFORM from CGI RESCUE is software that enables the contents of an HTML form to be emailed. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.
JVNDB-2007-000087
http://jvn.jp/en/jp/JVN24879092/index.html
cpe:/a:cgi_rescue:webform
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Shopping Basket Professional vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000088.html
Shopping Basket Professional, provided by CGI RESCUE, contains a vulnerability that allows a remote attacker to inject an arbitrary OS command, as it does not properly validate input data.
JVNDB-2007-000088
http://jvn.jp/en/jp/JVN82258242/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0565
http://secunia.com/advisories/23909/
cpe:/a:cgi_rescue:shopping_basket_pro
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

b2evolution cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000090.html
b2evolution, a blog publishing system, contains a cross-site scripting vulnerability.
JVNDB-2007-000090
http://jvn.jp/en/jp/JVN64354801/index.html
cpe:/a:b2evolution:b2evolution
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000091.html
Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability in which RSS data is handled in an inappropriate security zone (My Computer zone).
JVNDB-2007-000091
http://jvn.jp/en/jp/JVN93700808/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0706
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0706
http://www.frsirt.com/english/advisories/2007/0365
cpe:/a:fenrir-inc:portable_sleipnir
cpe:/a:fenrir-inc:sleipnir
cpe:/a:fenrir:darksky_rss_bar
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000093.html
Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability in which RSS data is handled in an inappropriate security zone (My Computer zone).
JVNDB-2007-000093
http://jvn.jp/en/jp/JVN93700808/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0705
http://secunia.com/advisories/23927/
http://www.frsirt.com/english/advisories/2007/0364
cpe:/a:fenrir-inc:portable_sleipnir
cpe:/a:fenrir-inc:sleipnir
cpe:/a:fenrir:darksky_rss_bar
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

MODx cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000094.html
MODx, an open source content management system, contains a cross-site scripting vulnerability.
JVNDB-2007-000094
http://jvn.jp/en/jp/JVN80271113/index.html
cpe:/a:modx:modxcms
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

CCC Cleaner buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000127.html
CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables.
This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed executables found in TrendMicro Antivirus. For details of this vulnerability, please refer to TrendMicro's website.
CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder.
Filenames: lpt$vpn.185
As of February 13, 2006, Trend Micro has announced that the vulnerability "the Anti-Rootkit Common Module (TmComm.sys)" disclosed on February 11, 2006 does not affect CCC Cleaner. For more information, refer to the vendor's website.
JVNDB-2007-000127
http://jvn.jp/cert/JVNVU%23276432/index.html
http://jvn.jp/en/jp/JVN77366274/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0851
http://www.kb.cert.org/vuls/id/276432
http://secunia.com/advisories/24087
http://www.securityfocus.com/bid/22449
http://securitytracker.com/id?1017601
http://www.frsirt.com/english/advisories/2007/0522
cpe:/a:misc:ccc_cleaner
cpe:/a:trendmicro:scan_engine
cpe:/a:trendmicro:virus_search_engine_vs_api
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Sage vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000134.html
Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser.
JVNDB-2007-000134
http://jvn.jp/en/jp/JVN84430861/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0896
http://secunia.com/advisories/24086/
http://www.securityfocus.com/bid/22493
http://xforce.iss.net/xforce/xfdb/32395
http://www.securitytracker.com/id?1017624
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sage:sage
cpe:/a:sage:sage_plusplus
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

CCC Cleaner buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000135.html
CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables.
This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed executables found in TrendMicro Antivirus. For details of this vulnerability, please refer to TrendMicro's website.
CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder.
Filenames: lpt$vpn.185
As of February 13, 2006, Trend Micro has announced that the vulnerability "the Anti-Rootkit Common Module (TmComm.sys)" disclosed on February 11, 2006 does not affect CCC Cleaner. For more information, refer to the vendor's website.
JVNDB-2007-000135
http://jvn.jp/en/jp/JVN77366274/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0856
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0856
http://www.kb.cert.org/vuls/id/282240
http://www.kb.cert.org/vuls/id/666800
http://secunia.com/advisories/24069/
http://www.securityfocus.com/bid/22448
http://xforce.iss.net/xforce/xfdb/32353
http://www.securitytracker.com/id?1017604
http://www.securitytracker.com/id?1017605
http://www.securitytracker.com/id?1017606
http://www.frsirt.com/english/advisories/2007/0521
cpe:/a:misc:ccc_cleaner
cpe:/a:trendmicro:anti-spyware_for_consumer
cpe:/a:trendmicro:anti-spyware_for_enterprise
cpe:/a:trendmicro:anti-spyware_for_smb
cpe:/a:trendmicro:business_security
cpe:/a:trendmicro:client_server_messaging_security_for_smb
cpe:/a:trendmicro:damage_cleanup_services
cpe:/a:trendmicro:pc_cillin_internet_security
cpe:/a:trendmicro:rootkit_provision_module_tmcomm.sys
cpe:/a:trendmicro:trend_micro_antivirus
cpe:/a:trendmicro:virus_baster
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Adobe JRun cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000159.html
Adobe JRun is an application server based on J2EE (Java 2 Platform Enterprise Edition). Adobe JRun contains a cross-site scripting vulnerability.
JVNDB-2007-000159
http://jvn.jp/en/jp/JVN14243645/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5860
http://secunia.com/advisories/24093/
http://www.securityfocus.com/bid/22547
http://xforce.iss.net/xforce/xfdb/32475
http://www.securitytracker.com/id?1017646
http://www.frsirt.com/english/advisories/2007/0594
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:adobe:coldfusion
cpe:/a:adobe:jrun
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

ColdFusion cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000160.html
ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability.
According to the statements from the developer, this vulnerability does not arise when the "Enable Global Script Protection" setting is turned on.
This vulnerability is different from JVN#48566866.
JVNDB-2007-000160
http://jvn.jp/en/jp/JVN28356427/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5859
http://secunia.com/advisories/24115/
http://www.securityfocus.com/bid/22544
http://www.securitytracker.com/id?1017644
http://www.frsirt.com/english/advisories/2007/0592
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:adobe:coldfusion
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

ColdFusion error page cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000161.html
ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page.
This vulnerability is different from JVN#28356427.
JVNDB-2007-000161
http://jvn.jp/en/jp/JVN48566866/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0817
http://secunia.com/advisories/24115/
http://www.securityfocus.com/bid/22401
http://www.securitytracker.com/id?1017645
http://www.frsirt.com/english/advisories/2007/0593
cpe:/a:adobe:coldfusion
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Ariel AirOne series cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000165.html
The Ariel AirOne series, from Ariel Networks, contains a cross-site scripting vulnerability.
JVNDB-2007-000165
http://jvn.jp/en/jp/JVN84746611/index.html
cpe:/a:misc:ariel-networks_airone_prolecta
cpe:/a:misc:ariel-networks_multi_scheduler
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Mozilla Firefox cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html
Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.
JVNDB-2007-000176
http://jvn.jp/en/jp/JVN38605899/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0995
http://secunia.com/advisories/24205/
http://secunia.com/advisories/24238/
http://www.securityfocus.com/bid/22694
http://www.frsirt.com/english/advisories/2007/0718
cpe:/a:mozilla:firefox
cpe:/a:mozilla:seamonkey
cpe:/a:redhat:rhel_optional_productivity_applications
cpe:/o:hp:hp-ux
cpe:/o:misc:miraclelinux_asianux_server
cpe:/o:redhat:enterprise_linux
cpe:/o:redhat:enterprise_linux_desktop
cpe:/o:redhat:linux_advanced_workstation
cpe:/o:redhat:rhel_desktop_workstation
cpe:/o:turbolinux:turbolinux
cpe:/o:turbolinux:turbolinux_desktop
cpe:/o:turbolinux:turbolinux_home
cpe:/o:turbolinux:turbolinux_multimedia
cpe:/o:turbolinux:turbolinux_personal
cpe:/o:turbolinux:turbolinux_server
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000199.html
CCC Cleaner, provided by Cyber Clean Center between January 25 and March 12, 2007, contains a division-by-zero vulnerability that occurs when it scans UPX-packed executables.
This vulnerability is caused by the "Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability" in TrendMicro's anti-virus product. For details of this vulnerability, please refer to the information provided by TrendMicro.
This vulnerability is different from "JVN#77366274: CCC Cleaner buffer overflow vulnerability."
JVNDB-2007-000199
http://jvn.jp/en/jp/JVN80126589/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1591
http://secunia.com/advisories/24450
http://www.securityfocus.com/bid/22965
http://www.frsirt.com/english/advisories/2007/0959
cpe:/a:misc:ccc_cleaner
cpe:/a:trendmicro:scan_engine
cpe:/a:trendmicro:virus_search_engine_vs_api
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Trac cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000200.html
Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. The Trac wiki engine contains a cross-site scripting vulnerability which affects Microsoft Internet Explorer.
JVNDB-2007-000200
http://jvn.jp/en/jp/JVN91706484/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1405
http://secunia.com/advisories/24470
http://www.securityfocus.com/bid/22888
http://xforce.iss.net/xforce/xfdb/32897
http://www.frsirt.com/english/advisories/2007/0900
cpe:/a:misc:interact_trac
cpe:/a:trac:trac
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000215.html
Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software.
JVNDB-2007-000215
http://jvn.jp/en/jp/JVN19795972/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1505
http://secunia.com/advisories/24537/
http://secunia.com/advisories/24549/
http://www.securityfocus.com/bid/23001
http://xforce.iss.net/xforce/xfdb/33029
cpe:/a:fujitsu:fence-pro
cpe:/a:fujitsu:systemwalker_desktop_encryption
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Interstage Application Server cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000218.html
The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability.
As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor's website.
JVNDB-2007-000218
http://jvn.jp/en/jp/JVN83832818/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1504
http://secunia.com/advisories/24508/
http://xforce.iss.net/xforce/xfdb/33099
http://www.frsirt.com/english/advisories/2007/0996
cpe:/a:fujitsu:interstage_application_framework_suite
cpe:/a:fujitsu:interstage_application_server
cpe:/a:fujitsu:interstage_apworks
cpe:/a:fujitsu:interstage_business_application_server
cpe:/a:fujitsu:interstage_job_workload_server
cpe:/a:fujitsu:interstage_security_director
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000225.html
NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly.
JVNDB-2007-000225
http://jvn.jp/en/jp/JVN64227086/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1611
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1610
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1611
http://secunia.com/advisories/24603
http://www.securityfocus.com/bid/23094
http://xforce.iss.net/xforce/xfdb/33166
http://www.frsirt.com/english/advisories/2007/1074
cpe:/a:glue_software:newsglue
cpe:/a:sourcenext:ikanari_jijyou
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

BASP21 vulnerable to mail header injection
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000226.html
BASP21 provided by B21Soft, Inc. is a component for Windows applications. BASP21 contains a mail header injection vulnerability.
Tomoki Sanaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2007-000226
http://jvn.jp/en/jp/JVN86092776/index.html
http://jvn.jp/en/jp/JVN70380788/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1713
https://www.ipa.go.jp/security/vuln/documents/2006/JVN_86092776.html
http://secunia.com/advisories/24652
http://www.securityfocus.com/bid/23134
http://xforce.iss.net/xforce/xfdb/33211
http://www.frsirt.com/english/advisories/2007/1113
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:b21soft:basp21
2016-10-13T14:45+09:00 2008-05-21T00:00+09:00 2016-10-13T14:45+09:00

CruiseWorks and Minna De Office vulnerable in access restrictions
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000227.html
CruiseWorks and Minna De Office are groupware. They contain a vulnerability in which the user's access restriction is not properly set.
JVNDB-2007-000227
http://jvn.jp/en/jp/JVN73258608/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1782
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1781
http://secunia.com/advisories/24674
http://secunia.com/advisories/24691
http://www.securityfocus.com/bid/23198
http://xforce.iss.net/xforce/xfdb/33341
http://www.frsirt.com/english/advisories/2007/1163
http://www.frsirt.com/english/advisories/2007/1162
http://osvdb.org/34518
cpe:/a:kynoslogic:cruiseworks
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

MailDwarf cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000228.html
MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability.
JVNDB-2007-000228
http://jvn.jp/en/jp/JVN40511721/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1802
http://secunia.com/advisories/24681
http://www.securityfocus.com/bid/23207
http://xforce.iss.net/xforce/xfdb/33322
http://www.frsirt.com/english/advisories/2007/1166
cpe:/a:maildwarf:maildwarf
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

MailDwarf vulnerability allows unauthorized sending of emails
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000229.html
MailDwarf, released by HTML Dwarf, is a CGI program that enables a user to send e-mail messages via a web page. MailDwarf contains a vulnerability that allows unauthorized email to be sent to a different address set by the administrator.
JVNDB-2007-000229
http://jvn.jp/en/jp/JVN08951968/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1803
http://secunia.com/advisories/24681
http://www.securityfocus.com/bid/23207
http://xforce.iss.net/xforce/xfdb/33324
http://www.frsirt.com/english/advisories/2007/1166
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:maildwarf:maildwarf
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Overlay Weaver cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000236.html
Overlay Weaver is software for constructing and emulating overlay networks. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability.
JVNDB-2007-000236
http://jvn.jp/en/jp/JVN62399483/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1780
http://secunia.com/advisories/24669/
http://www.securityfocus.com/bid/23195
http://xforce.iss.net/xforce/xfdb/33340
http://www.frsirt.com/english/advisories/2007/1167
cpe:/a:overlay_weaver:overlay_weaver
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

open-gorotto cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000259.html
open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames.
JVNDB-2007-000259
http://jvn.jp/en/jp/JVN84646028/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2071
http://www.securityfocus.com/bid/23507
http://www.frsirt.com/english/advisories/2007/1398
cpe:/a:open-gorotto:open-gorotto
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000260.html
Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via a network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability.
JVNDB-2007-000260
http://jvn.jp/en/jp/JVN62334841/index.html
cpe:/a:ekakin:shihonkanri_plus_goout
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

InfoBarrier4 self-decrypted file vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000290.html
InfoBarrier4 provided by FFC Limited contains a vulnerability in self-decrypted files created using InfoBarrier4 encryption.
JVNDB-2007-000290
http://jvn.jp/en/jp/JVN91305178/index.html
cpe:/a:misc:ffc_infobarrier
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

APOP password recovery vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html
POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.
It is reported that APOP passwords could be recovered by third parties.
In a successful attack, the attacker impersonates the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker must repeat this process for a certain period of time without alerting the user to the attack.
JVNDB-2007-000295
http://jvn.jp/cert/JVNTA07-151A/index.html
http://jvn.jp/en/jp/JVN19445002/index.html
http://jvn.jp/tr/TRTA07-151A/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558
http://www.us-cert.gov/cas/alerts/SA07-151A.html
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
http://www.securityfocus.com/bid/23257
http://www.securitytracker.com/id?1018008
http://www.frsirt.com/english/advisories/2007/1466
http://www.frsirt.com/english/advisories/2007/1480
http://www.frsirt.com/english/advisories/2007/1468
http://www.frsirt.com/english/advisories/2007/1467
http://www.ietf.org/rfc/rfc1939.txt
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:claws_mail:claws_mail
cpe:/a:fetchmail:fetchmail
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:thunderbird
cpe:/a:mutt:mutt
cpe:/a:redhat:rhel_optional_productivity_applications
cpe:/a:sylpheed:sylpheed
cpe:/o:hp:hp-ux
cpe:/o:misc:miraclelinux_asianux_server
cpe:/o:redhat:enterprise_linux
cpe:/o:redhat:enterprise_linux_desktop
cpe:/o:redhat:enterprise_linux_eus
cpe:/o:redhat:linux_advanced_workstation
cpe:/o:redhat:rhel_desktop_workstation
cpe:/o:turbolinux:turbolinux
cpe:/o:turbolinux:turbolinux_desktop
cpe:/o:turbolinux:turbolinux_fuji
cpe:/o:turbolinux:turbolinux_home
cpe:/o:turbolinux:turbolinux_multimedia
cpe:/o:turbolinux:turbolinux_personal
cpe:/o:turbolinux:turbolinux_server
cpe:/o:turbolinux:turbolinux_wizpy
2009-08-06T11:39+09:00 2008-05-21T00:00+09:00 2009-08-06T11:39+09:00

Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html
Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.
The vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.
JVNDB-2007-000297
http://jvn.jp/en/jp/JVN16535199/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1358
http://secunia.com/advisories/25721
http://www.securityfocus.com/bid/24524
http://www.securitytracker.com/id?1018269
http://www.frsirt.com/english/advisories/2007/1729
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:tomcat
cpe:/a:fujitsu:interstage_application_framework_suite
cpe:/a:fujitsu:interstage_application_server
cpe:/a:fujitsu:interstage_apworks
cpe:/a:fujitsu:interstage_business_application_server
cpe:/a:fujitsu:interstage_job_workload_server
cpe:/a:fujitsu:interstage_web_server
cpe:/a:hitachi:cosminexus_application_server
cpe:/a:hitachi:cosminexus_developer
cpe:/a:hitachi:ucosminexus_application_server
cpe:/a:hitachi:ucosminexus_developer
cpe:/a:hitachi:ucosminexus_service
cpe:/a:nec:webotx_application_server
cpe:/o:apple:mac_os_x_server
cpe:/o:hp:hp-ux
cpe:/o:misc:miraclelinux_asianux_server
cpe:/o:sun:solaris
2008-07-11T13:47+09:00 2008-05-21T00:00+09:00 2008-07-11T13:47+09:00

Canon Network Camera Server VB100 Series vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000301.html
Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability.
JVNDB-2007-000301
http://jvn.jp/en/jp/JVN06735665/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2680
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2680
http://secunia.com/advisories/24940/
http://www.frsirt.com/english/advisories/2007/1461
cpe:/a:canon:network_camera_server
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Lunascape RSS reader arbitrary script execution vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000322.html
A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled.
JVNDB-2007-000322
http://jvn.jp/en/jp/JVN36628264/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2335
http://secunia.com/advisories/25000
http://www.securityfocus.com/bid/23665
http://www.frsirt.com/english/advisories/2007/1538
cpe:/a:lunascape:lunascape
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Java Web Start vulnerable to execution of unauthorized system classes
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html
Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.
Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow a Java Web Start application that includes a malformed JAR file to execute an unauthorized system class.
JVNDB-2007-000329
http://jvn.jp/en/jp/JVN44724673/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2435
http://www.jpcert.or.jp/wr/2007/wr071701.txt
http://secunia.com/advisories/25069/
http://www.securityfocus.com/bid/23728
http://xforce.iss.net/xforce/xfdb/33984
http://www.securitytracker.com/id?1017986
http://www.frsirt.com/english/advisories/2007/1598
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:allied_telesis_k.k.:ssl_vpn-plus
cpe:/a:allied_telesis_k.k.:swimradius
cpe:/a:bea:jrockit
cpe:/a:nec:tw703000
cpe:/a:nec:websam_deploymentmanager
cpe:/a:redhat:enterprise_linux
cpe:/a:redhat:rhel_desktop_supplementary
cpe:/a:redhat:rhel_supplementary
cpe:/a:sun:jdk
cpe:/a:sun:jre
cpe:/a:sun:sdk
cpe:/o:apple:mac_os_x
cpe:/o:apple:mac_os_x_server
2008-06-06T16:22+09:00 2008-05-21T00:00+09:00 2008-06-06T16:22+09:00

Homepage Builder sample CGI programs vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000395.html
Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contain a vulnerability which may allow an attacker to inject an arbitrary OS command.
According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of each product.JVNDB-2007-000395http://jvn.jp/en/jp/JVN81294906/index.htmlhttp://www.jpcert.or.jp/wr/2007/wr071901.txtcpe:/a:ibm:homepage_builder2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00SquirrelMail vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000398.html
SquirrelMail contains a cross-site scripting vulnerability.
SquirrelMail from SquirrelMail Project is an open source webmail (web-based email).
SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting.
Yosuke Hasegawa from Matcha139 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2007-000398http://jvn.jp/en/jp/JVN09157962/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1262http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1262http://secunia.com/advisories/25200/http://www.securityfocus.com/bid/23910http://www.securitytracker.com/id?1018033http://www.frsirt.com/english/advisories/2007/1748https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:squirrelmail:squirrelmailcpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:rhel_desktop_workstation2011-01-07T14:39+09:002011-01-07T14:39+09:002011-01-07T14:39+09:00Advance-Flow cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000400.html
Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form.
Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms.JVNDB-2007-000400http://jvn.jp/en/jp/JVN92832583/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2811http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2811http://www.jpcert.or.jp/wr/2007/wr071901.txthttp://secunia.com/advisories/25338/http://www.securityfocus.com/bid/24071http://www.frsirt.com/english/advisories/2007/1884https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:osk:advance-flow2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00HP System Management Homepage cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000420.html
A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage (SMH).
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH.
It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting vulnerability.
The vendor recommends that users upgrade to SMH, as Compaq System Management Homepage is an outdated product and is no longer available. For more information, refer to the vendor's website.JVNDB-2007-000420http://jvn.jp/en/jp/JVN19240523/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3062http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3062http://www.jpcert.or.jp/wr/2007/wr072101.txthttp://www.kb.cert.org/vuls/id/292457http://secunia.com/advisories/25493http://www.securityfocus.com/bid/24256http://xforce.iss.net/xforce/xfdb/34656http://www.securitytracker.com/id?1018179http://www.frsirt.com/english/advisories/2007/2013cpe:/a:hp:system_management_homepage2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Meneame cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000429.html
Meneame, an open source social bookmark system, contains a cross-site scripting vulnerability.
Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data.JVNDB-2007-000429http://jvn.jp/en/jp/JVN89497739/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3042http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3042http://secunia.com/advisories/25510http://www.frsirt.com/english/advisories/2007/2040cpe:/a:meneame:meneame2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00ADPLAN cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000434.html
ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO (search engine optimization) module.
A website that employs ADPLAN Version 3 service generates a web page using the HTTP header information sent from a client web browser.
However, as the HTTP header information sent from a user's web browser is not handled correctly by ADPLAN Version 3, an arbitrary script could be executed on the user's web browser if the user is forced to visit a site using ADPLAN service through an attack.JVNDB-2007-000434http://jvn.jp/en/jp/JVN23891849/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3117http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3117http://secunia.com/advisories/25527http://www.securityfocus.com/bid/24356cpe:/a:adplan:seo2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Internet Explorer vulnerable in MHTML handling
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000446.html
Internet Explorer contains a vulnerability in its handling of the MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows arbitrary script execution.
When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types.
This behavior may result in executing the scripts embedded in the contents.
The MHTML protocol handler is included in the Outlook Express component, and Microsoft provides the fix of the vulnerability for this component.JVNDB-2007-000446http://jvn.jp/cert/JVNTA07-163A/index.htmlhttp://jvn.jp/en/jp/JVN27203006/index.htmlhttp://jvn.jp/tr/TRTA07-163A/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2225http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2225http://www.us-cert.gov/cas/alerts/SA07-163A.htmlhttp://www.kb.cert.org/vuls/id/682825http://www.us-cert.gov/cas/techalerts/TA07-163A.htmlhttp://secunia.com/advisories/25639/http://www.securityfocus.com/bid/24392http://www.frsirt.com/english/advisories/2007/2154cpe:/a:microsoft:outlook_expresscpe:/a:microsoft:windows_mailcpe:/o:microsoft:windows_server_2003cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Internet Explorer vulnerable in handling MHTML protocol
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000447.html
Internet Explorer contains a vulnerability in its handling of the MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows the download dialog box to be bypassed.
Some versions of Outlook Express are affected because the vulnerability is contained in the Outlook Express component used by Internet Explorer.
When Internet Explorer accesses a website using MHTML (MIME Encapsulation of Aggregate HTML), Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be displayed when downloading.
The MHTML protocol handler is included in the Outlook Express component, and Microsoft provides the fix for this component.JVNDB-2007-000447http://jvn.jp/cert/JVNTA07-163A/index.htmlhttp://jvn.jp/en/jp/JVN95019167/index.htmlhttp://jvn.jp/tr/TRTA07-163A/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2227http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2227http://www.us-cert.gov/cas/alerts/SA07-163A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-163A.htmlhttp://secunia.com/advisories/25639/http://www.securityfocus.com/bid/24410http://www.frsirt.com/english/advisories/2007/2154cpe:/a:microsoft:outlook_expresscpe:/a:microsoft:windows_mailcpe:/o:microsoft:windows_server_2003cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00dotProject cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000454.html
dotProject, an open source project management tool, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#97636431.JVNDB-2007-000454http://jvn.jp/en/jp/JVN63602912/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3226http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3226http://secunia.com/advisories/25638cpe:/a:dotproject:dotproject2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Apache Tomcat sample web application cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000456.html
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability.JVNDB-2007-000456http://jvn.jp/en/jp/JVN64851600/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2449http://www.securityfocus.com/bid/24476http://securitytracker.com/id?1018245http://www.frsirt.com/english/advisories/2007/2213cpe:/a:apache:tomcatcpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:rhel_desktop_workstation2008-07-11T13:48+09:002008-05-21T00:00+09:002008-07-11T13:48+09:00Apache Tomcat cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000457.html
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.
Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies.
Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability.JVNDB-2007-000457http://jvn.jp/en/jp/JVN07100457/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2450http://secunia.com/advisories/25678/http://www.securityfocus.com/bid/24475http://xforce.iss.net/xforce/xfdb/34868http://www.securitytracker.com/id?1018245http://www.frsirt.com/english/advisories/2007/2213https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:tomcatcpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:rhel_desktop_workstationcpe:/o:sun:solaris2008-07-11T13:48+09:002008-05-21T00:00+09:002008-07-11T13:48+09:00RaidenHTTPD cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000471.html
RaidenHTTPD, from Sonei Information Systems (TEAM JOHNLONG), contains a cross-site scripting vulnerability.
RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG.
RaidenHTTPD contains a cross-site scripting vulnerability.JVNDB-2007-000471http://jvn.jp/en/jp/JVN90438169/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3343http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6453http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3343http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6453http://secunia.com/advisories/25752http://secunia.com/advisories/28143http://www.securityfocus.com/bid/26903http://xforce.iss.net/xforce/xfdb/39088http://www.osvdb.org/39228https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:raidenhttpd:raidenhttpd2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hiki arbitrary file deletion vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000476.html
Hiki, a Wiki clone software developed by Hiki Development Team, contains a vulnerability that allows a remote attacker to delete arbitrary files.
Hiki contains a vulnerability that allows an arbitrary file to be deleted on a server running Hiki. This is caused by the improper handling of a session management file.JVNDB-2007-000476http://jvn.jp/en/jp/JVN05187780/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2836http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2836http://secunia.com/advisories/25764http://www.securityfocus.com/bid/24603http://www.frsirt.com/english/advisories/2007/2304https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hiki:hiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00rktSNS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000486.html
rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability.
rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability.JVNDB-2007-000486http://jvn.jp/en/jp/JVN44532794/index.htmlcpe:/a:rakuto:rktsns2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00sHTTPd cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000487.html
sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability.
sHTTPd from Uchu Ninja Neko-dan is a web server for Windows.
sHTTPd contains a cross-site scripting vulnerability.JVNDB-2007-000487http://jvn.jp/en/jp/JVN74063879/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3541http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3541http://secunia.com/advisories/25835http://www.securityfocus.com/bid/24683http://xforce.iss.net/xforce/xfdb/35111http://www.frsirt.com/english/advisories/2007/2352http://osvdb.org/36348cpe:/a:kurinton:shttpd2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000491.html
Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow.
This problem is reported to be different from the issue identified in JVNDB-2007-000492 (CVE-2007-3375).JVNDB-2007-000491http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3512http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3512http://secunia.com/advisories/25797http://www.frsirt.com/english/advisories/2007/2399cpe:/a:lhaca:file_archiver2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00KDDI sample CGI download program directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000494.html
A directory traversal vulnerability exists in a sample CGI download program included with KDDI's EZFactory.
A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory traversal vulnerability exists in this program.JVNDB-2007-000494http://jvn.jp/en/jp/JVN33593387/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3692http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3692http://xforce.iss.net/xforce/xfdb/35323http://securitytracker.com/id?1018344http://www.vupen.com/english/advisories/2007/2472http://osvdb.org/38453cpe:/a:kddi:download_cgi_sample_program2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Flash Player allows to send arbitrary Referer headers
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000507.html
Flash Player from Adobe contains a vulnerability that allows arbitrary Referer headers to be sent.
Flash Player from Adobe is a multimedia and application browser plugin for viewing Adobe Flash contents.
Flash Player contains a vulnerability that allows arbitrary Referer headers to be sent.JVNDB-2007-000507http://jvn.jp/cert/JVNTA07-192A/index.htmlhttp://jvn.jp/en/jp/JVN72595280/index.htmlhttp://jvn.jp/tr/TRTA07-192A/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3457http://www.us-cert.gov/cas/alerts/SA07-192A.htmlhttp://www.kb.cert.org/vuls/id/138457http://www.us-cert.gov/cas/techalerts/TA07-192A.htmlhttp://secunia.com/advisories/26027/http://www.securityfocus.com/bid/24779http://www.frsirt.com/english/advisories/2007/2497https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:flash_playercpe:/o:sun:solaris2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Nessus report function vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000548.html
Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report.
Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report.JVNDB-2007-000548http://jvn.jp/en/jp/JVN34058672/index.htmlcpe:/a:tenable:nessus2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Aruba Mobility Controller Series cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000551.html
Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability.
Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page to the web management screens.JVNDB-2007-000551http://jvn.jp/en/jp/JVN25471539/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4023http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4023http://secunia.com/advisories/26192cpe:/a:arubanetworks:aruba_mobility_controller2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Yayoi Kaikei improper handling of credential information
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000559.html
Yayoi Kaikei Quick Navigator sends user credentials unencrypted.
Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted.JVNDB-2007-000559http://jvn.jp/en/jp/JVN43615794/index.htmlcpe:/a:misc:yayoi-hanbaicpe:/a:misc:yayoi-kaikei2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Safari URL spoofing vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000560.html
Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar.
Apple's Safari is a web browser installed as default with Mac OS X.
There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users.
This could be conducted by using Unicode characters that look similar to ASCII characters as URL strings.JVNDB-2007-000560http://jvn.jp/en/jp/JVN16018033/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3742http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3742http://www.securityfocus.com/bid/24636http://xforce.iss.net/xforce/xfdb/35716http://www.frsirt.com/english/advisories/2007/2730https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:safaricpe:/h:apple:iphone2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WebCart cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000572.html
WebCart, provided by CGI's, contains a cross-site scripting vulnerability.
WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability.JVNDB-2007-000572http://jvn.jp/en/jp/JVN66303599/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4301http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4301http://secunia.com/advisories/26382http://www.securityfocus.com/bid/25261http://xforce.iss.net/xforce/xfdb/35946http://www.securitytracker.com/id?1018554http://osvdb.org/36441cpe:/a:webcart:webcart2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Apache Tomcat Host Manager cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000598.html
Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
The Host Manager Servlet does not properly filter user supplied data. This enables a cross-site scripting attack.JVNDB-2007-000598http://jvn.jp/en/jp/JVN59851336/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3386http://secunia.com/advisories/26465/http://www.securityfocus.com/bid/25314http://www.frsirt.com/english/advisories/2007/2880https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:tomcatcpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:rhel_desktop_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Tuigwaa cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000625.html
Tuigwaa, from the Tuigwaa Project, contains a cross-site scripting vulnerability.
Tuigwaa from the Tuigwaa Project is open source software to develop web applications.
Tuigwaa contains a cross-site scripting vulnerability.JVNDB-2007-000625http://jvn.jp/en/jp/JVN82276964/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4587http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4587http://secunia.com/advisories/26577http://www.securityfocus.com/bid/25447http://xforce.iss.net/xforce/xfdb/36264https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:the_seasar_foundation:escafeweb2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Mayaa cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000626.html
Mayaa, a Java template engine from the Seasar Project, contains a cross-site scripting vulnerability.
Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa.JVNDB-2007-000626http://jvn.jp/en/jp/JVN38199598/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4595http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4595http://secunia.com/advisories/26597http://www.securityfocus.com/bid/25443http://xforce.iss.net/xforce/xfdb/36269http://osvdb.org/36655https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:the_seasar_foundation:mayaa2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Shopping Basket Pro directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000639.html
A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE.
Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro.JVNDB-2007-000639http://jvn.jp/en/jp/JVN20452446/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4655http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4655http://secunia.com/advisories/26614https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cgi_rescue:shopping_basket_pro2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000640.html
Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability.
Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability.JVNDB-2007-000640http://jvn.jp/en/jp/JVN43091983/index.htmlcpe:/a:futomis_cgi_cafe:full-text_search_cgi2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:007-ZIP32.DLL buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000645.html
7-ZIP32.DLL, a library for compression and decompression supporting 7z, zip, and some other format files, contains a buffer overflow vulnerability.
7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is based on "Integrated Archiver API Specification", and called from the compression/decompression software. 7-ZIP32.DLL contains a buffer overflow vulnerability. If a user decompresses and opens a specially crafted file, a remote attacker could possibly execute arbitrary code with the privilege of the user.JVNDB-2007-000645http://jvn.jp/en/jp/JVN62868899/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4725http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4725http://secunia.com/advisories/26624http://xforce.iss.net/xforce/xfdb/36459http://www.frsirt.com/english/advisories/2007/3086https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:akky:7-zip32.dll2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000646.html
httpd.pl from Fuktommy.com including an HTML preprocessor contains a directory traversal vulnerability.
httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability.JVNDB-2007-000646http://jvn.jp/en/jp/JVN01913089/index.htmlcpe:/a:misc:fuktommy_httpd.pl2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000647.html
Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code.
Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request.JVNDB-2007-000647http://jvn.jp/en/jp/JVN75899905/index.htmlcpe:/a:misc:fuktommy_httpd.pl2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000678.html
Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools.
Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools.JVNDB-2007-000678http://jvn.jp/en/jp/JVN35677737/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4785http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4785https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:sony:microvault_seriescpe:/h:sony:pocketbit_series2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Lhaplus buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000697.html
Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability.
Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user.JVNDB-2007-000697http://jvn.jp/en/jp/JVN70734805/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5048http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5048http://secunia.com/advisories/26907http://www.securityfocus.com/bid/25754http://xforce.iss.net/xforce/xfdb/36718https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:lhaplus:lhaplus2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00JP1/NETM/DM Manager SQL Injection Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000699.html
JP1/NETM/DM Manager for Windows is vulnerable to SQL injection where a relational database is used as the JP1/NETM/DM database. This could allow attackers to execute arbitrary SQL commands and/or corrupt the database when it receives a malformed request.JVNDB-2007-000699http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3793http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3793http://secunia.com/advisories/26052http://www.securityfocus.com/bid/24903http://xforce.iss.net/xforce/xfdb/35386http://www.frsirt.com/english/advisories/2007/2535cpe:/a:hitachi:groupmax_remote_installation_servercpe:/a:hitachi:job_management_partner_1_software_distribution_managercpe:/a:hitachi:jp1_netm-dm_managercpe:/a:hitachi:netm_dm2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cosminexus javadoc Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000700.html
The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.JVNDB-2007-000700http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4760http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4760http://secunia.com/advisories/26671http://www.securityfocus.com/bid/25518http://xforce.iss.net/xforce/xfdb/36393http://www.frsirt.com/english/advisories/2007/3033https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_developers_kit_for_javacpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_clientcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_erp_integratorcpe:/a:hitachi:ucosminexus_operatorcpe:/a:hitachi:ucosminexus_service2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java Buffer Overflow Vulnerabilities
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000701.html
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.JVNDB-2007-000701http://jvn.jp/cert/JVNTA07-022A/index.htmlhttp://jvn.jp/tr/TRTA07-022A/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3794http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3794http://www.us-cert.gov/cas/alerts/SA07-022A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-022A.htmlhttp://secunia.com/advisories/26025http://www.securityfocus.com/bid/24905http://xforce.iss.net/xforce/xfdb/36022http://www.frsirt.com/english/advisories/2007/2534cpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:cosminexus_clientcpe:/a:hitachi:cosminexus_collaborationcpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:cosminexus_developers_kit_for_javacpe:/a:hitachi:cosminexus_erp_integratorcpe:/a:hitachi:cosminexus_opentp1cpe:/a:hitachi:cosminexus_servercpe:/a:hitachi:cosminexus_studiocpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:groupmax_collaborationcpe:/a:hitachi:hitachi_developers_kit_for_javacpe:/a:hitachi:processing_kit_for_xmlcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_clientcpe:/a:hitachi:ucosminexus_collaborationcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_erp_integratorcpe:/a:hitachi:ucosminexus_opentp1cpe:/a:hitachi:ucosminexus_operatorcpe:/a:hitachi:ucosminexus_service2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000702.html
The image-processing APIs in Cosminexus Developer's Kit for Java are vulnerable to buffer overflow and a Denial of Service (DoS).JVNDB-2007-000702http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4758http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4758http://secunia.com/advisories/26538http://xforce.iss.net/xforce/xfdb/36618http://www.frsirt.com/english/advisories/2007/3034https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:cosminexus_clientcpe:/a:hitachi:cosminexus_collaborationcpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:cosminexus_developers_kit_for_javacpe:/a:hitachi:cosminexus_erp_integratorcpe:/a:hitachi:cosminexus_opentp1cpe:/a:hitachi:cosminexus_servercpe:/a:hitachi:cosminexus_studiocpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:groupmax_collaborationcpe:/a:hitachi:hitachi_developers_kit_for_javacpe:/a:hitachi:processing_kit_for_xmlcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_clientcpe:/a:hitachi:ucosminexus_collaborationcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_erp_integratorcpe:/a:hitachi:ucosminexus_opentp1cpe:/a:hitachi:ucosminexus_operatorcpe:/a:hitachi:ucosminexus_service2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cosminexus Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html
JSSE (Java Secure Socket Extension) in Cosminexus Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.JVNDB-2007-000710http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281http://secunia.com/advisories/27075http://www.securityfocus.com/bid/25935http://xforce.iss.net/xforce/xfdb/36965http://www.frsirt.com/english/advisories/2007/3375https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_developers_kit_for_javacpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_clientcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_operatorcpe:/a:hitachi:ucosminexus_service2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00TPBroker Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000711.html
TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor terminate abnormally when the TSC Domain Manager receives invalid messages.JVNDB-2007-000711http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5283http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5283http://secunia.com/advisories/27035http://www.securityfocus.com/bid/25936http://xforce.iss.net/xforce/xfdb/36968http://www.frsirt.com/english/advisories/2007/3376https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_tpbroker_object_transaction_monitorcpe:/a:hitachi:tpbroker_object_transaction_monitor2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cosminexus Agent Process Crash Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000712.html
Cosminexus Agent process may crash when Cosminexus Agent receives specially crafted data from a process other than Cosminexus Manager. The crash doesn't affect the running applications launched by Cosminexus Agent.JVNDB-2007-000712http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5282http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5282http://secunia.com/advisories/27074http://www.securityfocus.com/bid/25937http://xforce.iss.net/xforce/xfdb/36966http://www.frsirt.com/english/advisories/2007/3377https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_agentcpe:/a:hitachi:cosminexus_library2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Safari allows access from HTTP to HTTPS
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000727.html
Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session.
Safari is a default web browser installed in Mac OS X and iPhone.
Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain.JVNDB-2007-000727http://jvn.jp/en/jp/JVN79013771/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4671http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4671http://secunia.com/advisories/26983http://www.securityfocus.com/bid/25852http://xforce.iss.net/xforce/xfdb/36862http://securitytracker.com/id?1018752http://www.frsirt.com/english/advisories/2007/3287https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:safaricpe:/h:apple:iphonecpe:/o:apple:mac_os_x2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Aipo session fixation vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000729.html
Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker.JVNDB-2007-000729http://jvn.jp/en/jp/JVN70075625/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5154http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5154http://secunia.com/advisories/27004/http://www.securityfocus.com/bid/25843http://xforce.iss.net/xforce/xfdb/36850https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:aimluck:aipocpe:/a:aimluck:aipo_asp2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Webmin OS command injection vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000730.html
Webmin, a web-based system management tool, contains a vulnerability that allows an unauthorized Webmin user to execute OS commands.
Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by entering a specially crafted URL.JVNDB-2007-000730http://jvn.jp/en/jp/JVN61208749/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5066http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5066http://secunia.com/advisories/26885http://www.securityfocus.com/bid/25773http://xforce.iss.net/xforce/xfdb/36759http://www.securitytracker.com/id?1018731http://www.frsirt.com/english/advisories/2007/3243https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:webmin:webmin2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00PowerArchiver buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000745.html
PowerArchiver from ConeXware, Inc. contains a buffer overflow vulnerability.
PowerArchiver, file compression/decompression software from ConeXware, Inc. supporting multiple compression file formats, contains a buffer overflow vulnerability.
If a user opens a specially crafted file, an attacker could execute arbitrary code with the privileges of the user.JVNDB-2007-000745http://jvn.jp/en/jp/JVN61323184/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5279http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5279http://secunia.com/advisories/27000http://www.frsirt.com/english/advisories/2007/3378https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:powerarchiver:powerarchiver2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hitachi Web Server SSL Client Authentication Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000772.html
Hitachi Web Server accepts an SSL certificate sent by a client trying to connect to the Server even if the certificate is fraudulent.
The vulnerability does not affect the product if the SSL authentication client feature is disabled.JVNDB-2007-000772http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5810http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5810http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339http://secunia.com/advisories/27421http://xforce.iss.net/xforce/xfdb/28755http://www.frsirt.com/english/advisories/2007/3666https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_server_enterprisecpe:/a:hitachi:cosminexus_application_server_standardcpe:/a:hitachi:cosminexus_application_server_version_5cpe:/a:hitachi:cosminexus_developer_light_version_6cpe:/a:hitachi:cosminexus_developer_professional_version_6cpe:/a:hitachi:cosminexus_developer_standard_version_6cpe:/a:hitachi:cosminexus_developer_version_5cpe:/a:hitachi:cosminexus_server_-_enterprise_editioncpe:/a:hitachi:cosminexus_server_-_standard_editioncpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4cpe:/a:hitachi:cosminexus_server_-_web_editioncpe:/a:hitachi:cosminexus_server_-_web_edition_version_4cpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_lightcpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2014-05-23T18:32+09:002008-05-21T00:00+09:002014-05-23T18:32+09:00Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000773.html
When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-status page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines.
The vulnerability does not affect the product if the server-status reporting feature is disabled.JVNDB-2007-000773http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5809http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5809http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5752http://secunia.com/advisories/27421http://www.frsirt.com/english/advisories/2007/3666https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_server_enterprisecpe:/a:hitachi:cosminexus_application_server_standardcpe:/a:hitachi:cosminexus_application_server_version_5cpe:/a:hitachi:cosminexus_developer_light_version_6cpe:/a:hitachi:cosminexus_developer_professional_version_6cpe:/a:hitachi:cosminexus_developer_standard_version_6cpe:/a:hitachi:cosminexus_developer_version_5cpe:/a:hitachi:cosminexus_server_-_enterprise_editioncpe:/a:hitachi:cosminexus_server_-_standard_editioncpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4cpe:/a:hitachi:cosminexus_server_-_web_editioncpe:/a:hitachi:cosminexus_server_-_web_edition_version_4cpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_lightcpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2014-05-21T18:27+09:002008-05-21T00:00+09:002014-05-21T18:27+09:00MouseoverDictionary vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000779.html
MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script.
MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script on the user's web browser as it does not handle the sidebar HTML page properly.JVNDB-2007-000779http://jvn.jp/en/jp/JVN63304072/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5459http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5459http://secunia.com/advisories/27195/http://www.securityfocus.com/bid/26053http://xforce.iss.net/xforce/xfdb/37184https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:itirou_maruta:mouseoverdictionary2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00NetCommons cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000801.html
NetCommons from the NetCommons Project contains a cross-site scripting vulnerability.
NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions.
NetCommons contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#51301450.JVNDB-2007-000801http://jvn.jp/en/jp/JVN79295963/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5950http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5950http://secunia.com/advisories/27484http://www.securityfocus.com/bid/26328http://xforce.iss.net/xforce/xfdb/38257http://www.frsirt.com/english/advisories/2007/3717https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:netcommons:netcommons2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Lotus Domino cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000802.html
IBM Lotus Domino contains a cross-site scripting vulnerability.
IBM Lotus Domino is server software for Lotus Notes, groupware from IBM.
Lotus Domino contains a cross-site scripting vulnerability.JVNDB-2007-000802http://jvn.jp/en/jp/JVN84565055/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5924http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5924http://secunia.com/advisories/27509http://www.securityfocus.com/bid/26298http://www.frsirt.com/english/advisories/2007/3700https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ibm:lotus_domino2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cross-site scripting vulnerability in updir.php in UPDIR.NET
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000803.html
updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions.
updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload image files, etc. on the web server and publish and manage the uploaded files. updir.php contains a cross-site scripting vulnerability in the full-text search and file upload functions.JVNDB-2007-000803http://jvn.jp/en/jp/JVN99453765/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5955http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5955http://secunia.com/advisories/27581http://www.securityfocus.com/bid/26394http://xforce.iss.net/xforce/xfdb/38364https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:updir:updir2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000804.html
Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script.
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web browser when the search result is displayed.JVNDB-2007-000804http://jvn.jp/en/jp/JVN65427327/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6002http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6002http://secunia.com/advisories/27655http://secunia.com/advisories/27675http://www.securityfocus.com/bid/26418http://xforce.iss.net/xforce/xfdb/38441https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:granicpe:/a:fenrir-inc:portable_sleipnircpe:/a:fenrir-inc:sleipnir2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00RoundCube Webmail cross-site request forgery vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000805.html
RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability.
RoundCube Webmail is an open source webmail client from the RoundCube Project.
RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines.JVNDB-2007-000805http://jvn.jp/en/jp/JVN33820033/index.htmlcpe:/a:roundcube:roundcube_webmail2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Feed2JS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000806.html
Feed2JS (Feed to JavaScript), an open source web application, contains a cross-site scripting vulnerability.
Feed2JS (Feed to JavaScript) is an open source web application which converts RSS feeds into JavaScript.
Feed2JS contains a cross-site scripting vulnerability.JVNDB-2007-000806http://jvn.jp/en/jp/JVN33218020/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6102http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6102http://secunia.com/advisories/27749http://www.frsirt.com/english/advisories/2007/3961https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:feed2js:feed2js2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00FileMaker cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000807.html
FileMaker from FileMaker, Inc. contains a cross-site scripting vulnerability.
FileMaker is database software from FileMaker, Inc.
FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web.JVNDB-2007-000807http://jvn.jp/en/jp/JVN55833292/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6104http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6104http://secunia.com/advisories/27750http://www.securityfocus.com/bid/26515http://xforce.iss.net/xforce/xfdb/38600http://www.frsirt.com/english/advisories/2007/3937https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:claris:filemakercpe:/a:claris:filemaker_procpe:/a:claris:filemaker_server2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Lhaplus buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000808.html
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability.
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user.
This vulnerability is different from JVN#70734805.JVNDB-2007-000808http://jvn.jp/en/jp/JVN82610488/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6175http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6175http://secunia.com/advisories/27734http://www.securityfocus.com/bid/26531http://xforce.iss.net/xforce/xfdb/38624http://www.frsirt.com/english/advisories/2007/3960https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:lhaplus:lhaplus2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00SonicStage CP buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000809.html
SonicStage CP is vulnerable to buffer overflow.
Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension.JVNDB-2007-000809http://jvn.jp/en/jp/JVN66291445/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5709http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5709http://secunia.com/advisories/27270http://www.securityfocus.com/bid/26241http://xforce.iss.net/xforce/xfdb/38160https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sony:sonicstage2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00JP1/Cm2/Network Node Manager vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000810.html
Hitachi JP1/Cm2/Network Node Manager (NNM) is vulnerable to cross-site scripting.
Hitachi JP1/Cm2/Network Node Manager (NNM) is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting.JVNDB-2007-000810http://jvn.jp/en/jp/JVN52846259/index.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00HttpLogger vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000811.html
KLab HttpLogger is vulnerable to cross-site scripting.
KLab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting.JVNDB-2007-000811http://jvn.jp/en/jp/JVN02854109/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6308http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6308http://secunia.com/advisories/27960https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:httplogger:httplogger2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cybozu Office denial of service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000812.html
Cybozu Office contains a denial of service (DoS) vulnerability.
Cybozu Office, web-based groupware, is vulnerable to a denial of service (DoS) attack because it fails to properly handle specially crafted HTTP requests.JVNDB-2007-000812http://jvn.jp/en/jp/JVN77414947/index.htmlcpe:/a:cybozu:office2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple Cybozu products vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000813.html
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.JVNDB-2007-000813http://jvn.jp/en/jp/JVN50342989/index.htmlcpe:/a:cybozu:dotsalescpe:/a:cybozu:garooncpe:/a:cybozu:office2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple Cybozu products vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000814.html
Multiple Cybozu products are vulnerable to HTTP header injection.
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.JVNDB-2007-000814http://jvn.jp/en/jp/JVN77730435/index.htmlcpe:/a:cybozu:garooncpe:/a:cybozu:office2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple Cybozu products vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000815.html
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#50342989.JVNDB-2007-000815http://jvn.jp/en/jp/JVN90712589/index.htmlcpe:/a:cybozu:dotsalescpe:/a:cybozu:garooncpe:/a:cybozu:office2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Rainboard cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000816.html
The Rainboard bulletin board software is vulnerable to cross-site scripting.
The Rainboard bulletin board software provided by UDON is vulnerable to cross-site scripting.JVNDB-2007-000816http://jvn.jp/en/jp/JVN23120863/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6346http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6346http://secunia.com/advisories/28069https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:rainboard:rainboard2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Flash Player vulnerable in handling cross-domain policy files
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html
Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.
According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible."
Flash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.JVNDB-2007-000817http://jvn.jp/en/jp/JVN45675516/index.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6243http://www.us-cert.gov/cas/alerts/SA08-150A.htmlhttp://www.us-cert.gov/cas/techalerts/TA08-150A.htmlhttp://secunia.com/advisories/28161http://xforce.iss.net/xforce/xfdb/39129http://securitytracker.com/id?1019116http://www.frsirt.com/english/advisories/2007/4258http://www.frsirt.com/english/advisories/2008/2838http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000817.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:flash_playercpe:/a:redhat:enterprise_linuxcpe:/a:redhat:rhel_desktop_supplementarycpe:/a:redhat:rhel_supplementarycpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:sun:opensolariscpe:/o:sun:solariscpe:/o:turbolinux:turbolinux_fujicpe:/o:turbolinux:turbolinux_wizpy2009-02-10T11:32+09:002008-05-21T00:00+09:002009-02-10T11:32+09:00Flash Player allows to send arbitrary HTTP headers
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000818.html
Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct an HTTP request splitting attack.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.
Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct an HTTP request splitting attack.
This vulnerability is different from JVN#72595280.JVNDB-2007-000818http://jvn.jp/en/jp/JVN50876069/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6245http://www.us-cert.gov/cas/alerts/SA08-100A.htmlhttp://www.us-cert.gov/cas/alerts/SA07-355A.htmlhttp://www.us-cert.gov/cas/techalerts/TA08-100A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-355A.htmlhttp://secunia.com/advisories/28161http://xforce.iss.net/xforce/xfdb/39134http://securitytracker.com/id?1019116http://www.frsirt.com/english/advisories/2007/4258https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:flash_playercpe:/a:redhat:enterprise_linuxcpe:/a:redhat:rhel_desktop_supplementarycpe:/a:redhat:rhel_supplementarycpe:/o:sun:opensolariscpe:/o:sun:solaris2008-06-20T13:34+09:002008-05-21T00:00+09:002008-06-20T13:34+09:00Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html
mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.
The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.JVNDB-2007-000819http://jvn.jp/en/jp/JVN80057925/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000http://secunia.com/advisories/28046http://secunia.com/advisories/28073http://www.frsirt.com/english/advisories/2007/4201http://www.frsirt.com/english/advisories/2007/4202https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:http_servercpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_studiocpe:/a:fujitsu:interstage_web_servercpe:/a:fujitsu:systemwalker_resource_coordinatorcpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:cosminexus_servercpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_servicecpe:/a:ibm:http_servercpe:/a:oracle:http_servercpe:/a:redhat:rhel_application_stackcpe:/h:nec:wanboostercpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linux_advanced_workstationcpe:/o:redhat:rhel_desktop_workstationcpe:/o:sun:solariscpe:/o:turbolinux:turbolinux_appliance_servercpe:/o:turbolinux:turbolinux_fujicpe:/o:turbolinux:turbolinux_multimediacpe:/o:turbolinux:turbolinux_personalcpe:/o:turbolinux:turbolinux_server2013-07-18T18:58+09:002008-05-21T00:00+09:002013-07-18T18:58+09:00Google Web Toolkit vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000820.html
Google Web Toolkit (GWT) is vulnerable to cross-site scripting.
Google Web Toolkit (GWT) is an open source software development framework that allows web developers to create Ajax applications in Java.
The benchmark reporting system in GWT is vulnerable to cross-site scripting.JVNDB-2007-000820http://jvn.jp/en/jp/JVN75130343/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6452http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6452http://secunia.com/advisories/28122http://www.securityfocus.com/bid/26915http://www.frsirt.com/english/advisories/2007/4248https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:google:web_toolkit2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WinAce buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000822.html
WinAce provided by e-merge GmbH is vulnerable to buffer overflow.
WinAce provided by e-merge GmbH is software to compress and decompress files in multiple types of compression format.
WinAce is vulnerable to buffer overflow. When WinAce decompresses a specially crafted file, this vulnerability can be exploited to execute arbitrary code with the privilege of the user running the application.JVNDB-2007-000822http://jvn.jp/en/jp/JVN44736880/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6563http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6563http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225http://secunia.com/advisories/28215http://www.securityfocus.com/bid/27017http://xforce.iss.net/xforce/xfdb/39268http://www.frsirt.com/english/advisories/2007/4312https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:e-merge:winace2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000823.html
Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting.
Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting.JVNDB-2007-000823http://jvn.jp/en/jp/JVN89292430/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6569http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6569http://secunia.com/advisories/28216/http://secunia.com/advisories/28186http://www.securityfocus.com/bid/26978http://www.frsirt.com/english/advisories/2007/4313https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sun:java_system_web_proxy_servercpe:/a:sun:java_system_web_server2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00GreaseKit and Creammonkey allows execution of userscript functions
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000824.html
GreaseKit and Creammonkey contain a vulnerability that can be exploited to execute functions intended for userscripts.
GreaseKit and Creammonkey are plugins that enable user scripting in Safari and other Apple WebKit applications, and they provide APIs callable only from userscripts.
GreaseKit and Creammonkey are vulnerable because they allow these APIs to be called from a web page.JVNDB-2007-000824http://jvn.jp/en/jp/JVN33044255/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6640http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6640http://secunia.com/advisories/28241http://xforce.iss.net/xforce/xfdb/39272https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sourceforge:creammonkeycpe:/a:sourceforge:greasekit2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00AirStation series and BroadStation series vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000875.html
Buffalo's AirStation Series and BroadStation Series routers are vulnerable to cross-site request forgery.
Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery.JVNDB-2007-000875http://jvn.jp/en/jp/JVN71872818/index.htmlcpe:/o:buffalo_inc:bhr-4rv_firmwarecpe:/o:buffalo_inc:whr2-g54v_firmwarecpe:/o:buffalo_inc:wzr-rs-g54hp_firmwarecpe:/o:buffalo_inc:wzr-rs-g54_firmware2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ichitaro series buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000876.html
The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#32981509 and JVN#50495547.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.JVNDB-2007-000876http://jvn.jp/en/jp/JVN29211062/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5687http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5687http://secunia.com/advisories/27393http://www.securityfocus.com/bid/26206http://www.frsirt.com/english/advisories/2007/3623https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitaro2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ichitaro series buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000877.html
The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#29211062 and JVN#50495547.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.JVNDB-2007-000877http://jvn.jp/en/jp/JVN32981509/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5687http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5687http://secunia.com/advisories/27393http://www.securityfocus.com/bid/26206http://www.frsirt.com/english/advisories/2007/3623https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitaro2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ichitaro series buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000878.html
The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN#29211062 and JVN#32981509.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user.JVNDB-2007-000878http://jvn.jp/en/jp/JVN50495547/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5687http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5687http://secunia.com/advisories/27393http://www.securityfocus.com/bid/26206http://www.frsirt.com/english/advisories/2007/3623https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitaro2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Groupmax Collaboration Schedule Information Disclosure Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000921.html
The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet.JVNDB-2007-000921http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5808http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5808http://secunia.com/advisories/27451http://xforce.iss.net/xforce/xfdb/38188http://www.frsirt.com/english/advisories/2007/3667https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_client_mail_schedulecpe:/a:hitachi:ucosminexus_collaboration_portal2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hitachi JP1/File Transmission Server/FTP Authentication Bypass Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000999.html
Hitachi JP1/File Transmission Server/FTP contains a vulnerability which could be exploited to bypass authentication.JVNDB-2007-000999http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6145http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6145http://secunia.com/advisories/27735http://www.securityfocus.com/bid/26530http://xforce.iss.net/xforce/xfdb/38610http://www.frsirt.com/english/advisories/2007/3957https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_file_transmission_server_ftp2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hitachi JP1/File Transmission Server/FTP Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001000.html
Hitachi JP1/File Transmission Server/FTP does not handle certain FTP command arguments properly, which could trigger Denial of Service (DoS) incidents.JVNDB-2007-001000http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6146http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6146http://secunia.com/advisories/27735http://www.securityfocus.com/bid/26542http://www.frsirt.com/english/advisories/2007/3957https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_file_transmission_server_ftp2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html
The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.JVNDB-2007-001022http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465http://www.us-cert.gov/cas/alerts/SA08-150A.htmlhttp://www.us-cert.gov/cas/techalerts/TA08-150A.htmlhttp://www.securityfocus.com/bid/25653http://xforce.iss.net/xforce/xfdb/36586http://www.securitytracker.com/id?1019194https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:http_servercpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_studiocpe:/a:fujitsu:interstage_web_servercpe:/a:fujitsu:systemwalker_resource_coordinatorcpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_servicecpe:/o:apple:mac_os_x_servercpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linux_advanced_workstationcpe:/o:redhat:rhel_desktop_workstationcpe:/o:turbolinux:turbolinux_appliance_servercpe:/o:turbolinux:turbolinux_fujicpe:/o:turbolinux:turbolinux_multimediacpe:/o:turbolinux:turbolinux_personalcpe:/o:turbolinux:turbolinux_server2009-11-16T11:52+09:002008-05-21T00:00+09:002009-11-16T11:52+09:00Cosminexus Application Server Incorrect Group Permission Handling Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001091.html
When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process.JVNDB-2007-001091http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4564http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4564http://secunia.com/advisories/26589http://www.securityfocus.com/bid/25434http://xforce.iss.net/xforce/xfdb/36245https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_service2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001092.html
Shared Trace Service in JP1/Cm2/Network Node Manager (NNM) is vulnerable to arbitrary code execution.JVNDB-2007-001092http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4720http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4720http://secunia.com/advisories/26668http://www.securityfocus.com/bid/25520http://xforce.iss.net/xforce/xfdb/36374http://www.frsirt.com/english/advisories/2007/3035https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cosminexus Component Container Session Handling Vulnerability
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001133.html
The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as another user's session data.JVNDB-2007-001133http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4124http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4124http://secunia.com/advisories/26250http://www.securityfocus.com/bid/25145http://xforce.iss.net/xforce/xfdb/35706http://www.frsirt.com/english/advisories/2007/2725cpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:cosminexus_collaborationcpe:/a:hitachi:cosminexus_component_containercpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:cosminexus_erp_integratorcpe:/a:hitachi:cosminexus_opentp1cpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:groupmax_collaborationcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_collaborationcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_erp_integratorcpe:/a:hitachi:ucosminexus_opentp1cpe:/a:hitachi:ucosminexus_service2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00boastMachine vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-002102.html
boastMachine provided by knadh contains a cross-site scripting vulnerability (CWE-79).
Daiki Fukumori reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2007-002102https://jvn.jp/en/jp/JVN65660590/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2932https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2932https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:knadh_boastmachine2021-06-30T14:32+09:002021-06-30T14:32+09:002021-06-30T14:32+09:00