JVNDB-2005-000163
Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters
Sylpheed does not validate input data properly, which could lead to a buffer overflow when it receives a message with a header containing non-ASCII characters.
Red Hat, Inc.
Red Hat Enterprise Linux
cpe:/o:redhat:enterprise_linux
2.1 (as)
2.1 (es)
2.1 (ws)
Red Hat, Inc.
Red Hat Linux Advanced Workstation
cpe:/o:redhat:linux_advanced_workstation
2.1
Sylpheed
Sylpheed
cpe:/a:sylpheed:sylpheed
1.0.3 and earlier
1.9.5 and earlier
Turbolinux, Inc.
Turbolinux
cpe:/o:turbolinux:turbolinux
10_f
Turbolinux, Inc.
Turbolinux Desktop
cpe:/o:turbolinux:turbolinux_desktop
10
Turbolinux, Inc.
Turbolinux Home
cpe:/o:turbolinux:turbolinux_home
Turbolinux, Inc.
Turbolinux Server
cpe:/o:turbolinux:turbolinux_server
7
8
Turbolinux, Inc.
Turbolinux Workstation
cpe:/o:turbolinux:turbolinux_workstation
7
8
Medium
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
An attacker could execute arbitrary code with the privileges of the user running Sylpheed.
Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
NEWS
1.0.3
http://sylpheed.sraoss.jp/changelog.html
NEWS
1.9.5
http://sylpheed.sraoss.jp/changelog-devel.html
Red Hat Security Advisory
RHSA-2005:303
https://rhn.redhat.com/errata/RHSA-2005-303.html
Turbolinux Security Advisory
TLSA-2005-44
http://www.turbolinux.com/security/2005/TLSA-2005-44.txt
Common Vulnerabilities and Exposures (CVE)
CVE-2005-0667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0667
National Vulnerability Database (NVD)
CVE-2005-0667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0667
Secunia Advisory
SA14491
http://secunia.com/advisories/14491/
SecurityFocus
12730
http://www.securityfocus.com/bid/12730
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-03-04T00:00:00+09:00
JVNDB-2005-000199
Sylpheed Filename Buffer Overflow Vulnerability
Sylpheed contains a buffer overflow vulnerability exploitable via attachments with a MIME-encoded filename.
Sylpheed
Sylpheed
cpe:/a:sylpheed:sylpheed
1.0.4 and earlier
Turbolinux, Inc.
Turbolinux
cpe:/o:turbolinux:turbolinux
10_f
Turbolinux, Inc.
Turbolinux Desktop
cpe:/o:turbolinux:turbolinux_desktop
10
Turbolinux, Inc.
Turbolinux Home
cpe:/o:turbolinux:turbolinux_home
Turbolinux, Inc.
Turbolinux Server
cpe:/o:turbolinux:turbolinux_server
7
8
Turbolinux, Inc.
Turbolinux Workstation
cpe:/o:turbolinux:turbolinux_workstation
7
8
Medium
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
An attacker could execute arbitrary code with the privileges of the user running Sylpheed.
Please refer to the 'Vendor Information' and 'References' sections for appropriate remediation.
NEWS
1.0.4
http://sylpheed.sraoss.jp/changelog.html
Turbolinux Security Advisory
TLSA-2005-44
http://www.turbolinux.com/security/2005/TLSA-2005-44.txt
Common Vulnerabilities and Exposures (CVE)
CVE-2005-0926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0926
National Vulnerability Database (NVD)
CVE-2005-0926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0926
SecurityFocus
12934
http://www.securityfocus.com/bid/12934
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-03-24T00:00:00+09:00
JVNDB-2005-000343
DeleGate DNS Message Decompression Denial of Service Vulnerability
The DNS implementation in DeleGate does not handle a compressed DNS packet properly, which could cause an infinite loop. Note that some other DNS packet processing systems have issues related to this vulnerability. For more information on those systems, please refer to NISCC-589088 (JVN) and NISCC Advisory 589088/NISCC/DNS (CPNI Advisory 00432).
DeleGate.org
DeleGate
cpe:/a:delegate:delegate
8.10.2 and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
An attacker could cause a Denial of Service (DoS) on DeleGate and certain other DNS packet processing systems by feeding a malformed DNS message into them.
Please refer to the 'Vendor Information' and 'References' sections for appropriate remediation.
DeleGate
Top Page
http://www.delegate.org/delegate/
Common Vulnerabilities and Exposures (CVE)
CVE-2005-0036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0036
CPNI Vulnerability Advisory
00432
http://www.cpni.gov.uk/Products/vulnerabilitydisclosures/default.aspx?id=va-20050524-00432.xml
FrSIRT Advisories
FrSIRT/ADV-2005-0610
http://www.frsirt.com/english/advisories/2005/0610
JVN
NISCC-589088
http://jvn.jp/niscc/NISCC-589088/index.html
National Vulnerability Database (NVD)
CVE-2005-0036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0036
NISCC Vulnerability Advisory
589088/NISCC/DNS
http://www.cpni.gov.uk/docs/re-20050524-00432.pdf?lang=en
SecurityFocus
13729
http://www.securityfocus.com/bid/13729
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-05-24T00:00:00+09:00
JVNDB-2005-000396
Ruby XMLRPC Arbitrary Command Execution Vulnerability
utils.rb in the Ruby XMLRPC server sets an insecure default value for the public_instance_methods function, which could cause the highly privileged function to be exposed.
Red Hat, Inc.
Red Hat Enterprise Linux
cpe:/o:redhat:enterprise_linux
4 (as)
4 (es)
4 (ws)
Red Hat, Inc.
Red Hat Enterprise Linux Desktop
cpe:/o:redhat:enterprise_linux_desktop
4.0
Ruby
Ruby
cpe:/a:ruby-lang:ruby
1.8
Turbolinux, Inc.
Turbolinux Server
cpe:/o:turbolinux:turbolinux_server
10
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
An attacker could execute an arbitrary command on the system running Ruby XMLRPC.
Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Red Hat Security Advisory
RHSA-2005:543
https://rhn.redhat.com/errata/RHSA-2005-543.html
Ruby
Top Page
http://www.ruby-lang.org/
Ruby
arbitrary command execution on XMLRPC server
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237
Turbolinux Security Advisory
TLSA-2005-74
http://www.turbolinux.com/security/2005/TLSA-2005-74.txt
Common Vulnerabilities and Exposures (CVE)
CVE-2005-1992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1992
FrSIRT Advisories
FrSIRT/ADV-2005-0833
http://www.frsirt.com/english/advisories/2005/0833
National Vulnerability Database (NVD)
CVE-2005-1992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1992
Secunia Advisory
SA15767
http://secunia.com/advisories/15767/
SecurityFocus
14016
http://www.securityfocus.com/bid/14016
SecurityTracker
1014253
http://securitytracker.com/alerts/2005/Jun/1014253.html
US-CERT Vulnerability Note
VU#684913
http://www.kb.cert.org/vuls/id/684913
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-06-20T00:00:00+09:00
JVNDB-2005-000530
Vulnerability in multiple web browsers allowing request spoofing attacks
Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.
Cybertrust Japan Co., Ltd.
Asianux Server
cpe:/o:misc:miraclelinux_asianux_server
2.0 Standard Edition
2.1 Standard Edition
3.0
3.0 (x86-64)
4.0
4.0 (x86-64)
mozilla.org contributors
Mozilla Firefox
cpe:/a:mozilla:firefox
1.0.6 and earlier
mozilla.org contributors
Mozilla Suite
cpe:/a:mozilla:mozilla_suite
1.7.11 and earlier
Opera Software ASA
Opera
cpe:/a:opera:opera_browser
8.02 and earlier
Red Hat, Inc.
Red Hat Enterprise Linux
cpe:/o:redhat:enterprise_linux
2.1 (as)
2.1 (es)
2.1 (ws)
3 (as)
3 (es)
3 (ws)
4 (as)
4 (es)
4 (ws)
Red Hat, Inc.
Red Hat Enterprise Linux Desktop
cpe:/o:redhat:enterprise_linux_desktop
3.0
4.0
Red Hat, Inc.
Red Hat Linux Advanced Workstation
cpe:/o:redhat:linux_advanced_workstation
2.1
Turbolinux, Inc.
Turbolinux
cpe:/o:turbolinux:turbolinux
10_f
Turbolinux, Inc.
Turbolinux Desktop
cpe:/o:turbolinux:turbolinux_desktop
10
Turbolinux, Inc.
Turbolinux Home
cpe:/o:turbolinux:turbolinux_home
Turbolinux, Inc.
Turbolinux Multimedia
cpe:/o:turbolinux:turbolinux_multimedia
Turbolinux, Inc.
Turbolinux Personal
cpe:/o:turbolinux:turbolinux_personal
Turbolinux, Inc.
Turbolinux Server
cpe:/o:turbolinux:turbolinux_server
10
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
Authentication information or cookie information could be leaked.
MIRACLE LINUX Update Information
AXSA-2005-79:2
http://www.miraclelinux.com/support/update/list.php?errata_id=190
MIRACLE LINUX Update Information
AXSA-2005-80:2
http://www.miraclelinux.com/support/update/list.php?errata_id=211
Mozilla Foundation Security Advisory
mfsa2005-58
http://www.mozilla.org/security/announce/2005/mfsa2005-58.html
Opera knowledge base
810
http://www.opera.com/support/search/view/810/
Red Hat Security Advisory
RHSA-2005:785
https://rhn.redhat.com/errata/RHSA-2005-785.html
Red Hat Security Advisory
RHSA-2005:789
https://rhn.redhat.com/errata/RHSA-2005-789.html
Red Hat Security Advisory
RHSA-2005:791
https://rhn.redhat.com/errata/RHSA-2005-791.html
Turbolinux Security Advisory
TLSA-2005-93
http://www.turbolinux.com/security/2005/TLSA-2005-93.txt
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703
FrSIRT Advisories
FrSIRT/ADV-2005-1824
http://www.frsirt.com/english/advisories/2005/1824
JVN
JVN#31226748
http://jvn.jp/en/jp/JVN31226748/
National Vulnerability Database (NVD)
CVE-2005-2703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2703
Secunia Advisory
SA16911
http://secunia.com/advisories/16911/
SecurityFocus
14923
http://www.securityfocus.com/bid/14923
JVNDB
CWE-94
Code Injection
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-09-16T00:00:00+09:00
JVNDB-2005-000537
Webmin and Usermin authentication bypass vulnerability
Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.
Cybertrust Japan Co., Ltd.
Asianux Server
cpe:/o:misc:miraclelinux_asianux_server
2.0
2.1
Webmin Project
Usermin
cpe:/a:webmin:usermin
Version 1.130 - 1.160
Webmin Project
Webmin
cpe:/a:webmin:webmin
Version 1.200 - 1.220
Critical
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command with root privileges.
MIRACLE LINUX Update Information
webmin (V2.x)
http://www.miraclelinux.com/support/update/list.php?errata_id=189
MIRACLE LINUX Update Information
usermin (V2.x)
http://www.miraclelinux.com/support/update/list.php?errata_id=990
Webmin Security Alerts
Security Alerts
http://www.webmin.com/security.html
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3042
FrSIRT Advisories
FrSIRT/ADV-2005-1791
http://www.frsirt.com/english/advisories/2005/1791
JVN
JVN#40940493
http://jvn.jp/en/jp/JVN40940493/index.html
National Vulnerability Database (NVD)
CVE-2005-3042
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3042
Secunia Advisory
SA16858
http://secunia.com/advisories/16858/
SecurityFocus
14889
http://www.securityfocus.com/bid/14889
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-09-20T00:00:00+09:00
JVNDB-2005-000538
Ruby vulnerability allowing to bypass safe level 4 as a sandbox
Ruby is an object-oriented scripting language that supports execution of untrusted code with two mechanisms: "object taint" and "safe level". Ruby contains a vulnerability that may allow an attacker to execute an arbitrary script by bypassing the "safe level" checks.
Cybertrust Japan Co., Ltd.
Asianux Server
cpe:/o:misc:miraclelinux_asianux_server
3.0
3.0 (x86-64)
4.0
4.0 (x86-64)
Red Hat, Inc.
Red Hat Enterprise Linux
cpe:/o:redhat:enterprise_linux
2.1 (as)
2.1 (es)
2.1 (ws)
3 (as)
3 (es)
3 (ws)
4 (as)
4 (es)
4 (ws)
Ruby
Ruby
cpe:/a:ruby-lang:ruby
1.6.8 and earlier
1.8.2 and earlier
Development versions (1.9.0) 2005-09-01 and earlier
Medium
4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
An attacker could possibly execute an arbitrary script.
MIRACLE LINUX Update Information
224
http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=224
Red Hat Security Advisory
RHSA-2005:799
https://rhn.redhat.com/errata/RHSA-2005-799.html
Ruby News
Ruby vulnerability in the safe level settings
http://www.ruby-lang.org/de/news/2005/10/03/ruby-vulnerability-in-the-safe-level-settings/
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2337
JVN
JVN#62914675
http://jvn.jp/en/jp/JVN62914675/index.html
National Vulnerability Database (NVD)
CVE-2005-2337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2337
SecurityFocus
14909
http://www.securityfocus.com/bid/14909
US-CERT Vulnerability Note
VU#160012
http://www.kb.cert.org/vuls/id/160012
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-09-21T00:00:00+09:00
JVNDB-2005-000601
OpenSSL version rollback vulnerability
OpenSSL from the OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker on the communication path can force the client and the server to negotiate the SSL 2.0 protocol even if both parties request the TLS 1.0 protocol. RFC 2246, which defines the TLS protocol, specifies that when TLS 1.0 is available, SSL 2.0 should not be used, in order to avoid version rollback attacks.
Cybertrust Japan Co., Ltd.
Asianux Server
cpe:/o:misc:miraclelinux_asianux_server
2.0 Standard Edition
2.1 Standard Edition
3.0
3.0 (x86-64)
4.0
4.0 (x86-64)
FUJITSU
FMSE-C301
cpe:/h:fujitsu:fmse-c301
FUJITSU
IPCOM Series
cpe:/h:fujitsu:ipcom
Hewlett-Packard Development Company,L.P
HP-UX
cpe:/o:hp:hp-ux
11.00
11.11
11.23
Hitachi, Ltd
Cosminexus Application Server Enterprise
cpe:/a:hitachi:cosminexus_application_server_enterprise
Version 6
Hitachi, Ltd
Cosminexus Application Server Standard
cpe:/a:hitachi:cosminexus_application_server_standard
Version 6
Hitachi, Ltd
Cosminexus Application Server Version 5
cpe:/a:hitachi:cosminexus_application_server_version_5
Hitachi, Ltd
Cosminexus Developer Light Version 6
cpe:/a:hitachi:cosminexus_developer_light_version_6
Hitachi, Ltd
Cosminexus Developer Professional Version 6
cpe:/a:hitachi:cosminexus_developer_professional_version_6
Hitachi, Ltd
Cosminexus Developer Standard Version 6
cpe:/a:hitachi:cosminexus_developer_standard_version_6
Hitachi, Ltd
Cosminexus Developer Version 5
cpe:/a:hitachi:cosminexus_developer_version_5
Hitachi, Ltd
Cosminexus Server - Enterprise Edition
cpe:/a:hitachi:cosminexus_server_-_enterprise_edition
Hitachi, Ltd
Cosminexus Server - Standard Edition
cpe:/a:hitachi:cosminexus_server_-_standard_edition
Hitachi, Ltd
Cosminexus Server - Standard Edition Version 4
cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4
Hitachi, Ltd
Cosminexus Server - Web Edition
cpe:/a:hitachi:cosminexus_server_-_web_edition
Hitachi, Ltd
Cosminexus Server - Web Edition Version 4
cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4
Hitachi, Ltd
Hitachi Web Server
cpe:/a:hitachi:hitachi_web_server
- Custom Edition
- Security Enhancement
for VOS3
Hitachi, Ltd
uCosminexus Application Server Enterprise
cpe:/a:hitachi:ucosminexus_application_server_enterprise
Hitachi, Ltd
uCosminexus Application Server Smart Edition
cpe:/a:hitachi:ucosminexus_application_server_smart_edition
Hitachi, Ltd
uCosminexus Application Server Standard
cpe:/a:hitachi:ucosminexus_application_server_standard
Hitachi, Ltd
uCosminexus Developer
cpe:/a:hitachi:ucosminexus_developer
Professional
Hitachi, Ltd
uCosminexus Developer Light
cpe:/a:hitachi:ucosminexus_developer_light
Hitachi, Ltd
uCosminexus Developer Standard
cpe:/a:hitachi:ucosminexus_developer_standard
Hitachi, Ltd
uCosminexus Service Architect
cpe:/a:hitachi:ucosminexus_service_architect
Hitachi, Ltd
uCosminexus Service Platform
cpe:/a:hitachi:ucosminexus_service_platform
OpenSSL Project
OpenSSL
cpe:/a:openssl:openssl
0.9.8 and earlier
Red Hat, Inc.
Red Hat Enterprise Linux
cpe:/o:redhat:enterprise_linux
2.1 (as)
2.1 (es)
2.1 (ws)
3 (as)
3 (es)
3 (ws)
4 (as)
4 (es)
4 (ws)
Red Hat, Inc.
Red Hat Linux Advanced Workstation
cpe:/o:redhat:linux_advanced_workstation
2.1
Sun Microsystems, Inc.
Sun Solaris
cpe:/o:sun:solaris
10 (sparc)
10 (x86)
Trend Micro, Inc.
InterScan Messaging Security Suite
cpe:/a:trendmicro:interscan_messaging_security_suite
for Linux 5.11
for Solaris 5.11
Trend Micro, Inc.
TrendMicro InterScan VirusWall
cpe:/a:trendmicro:interscan_viruswall
3.81 and earlier
Trend Micro, Inc.
TrendMicro InterScan Web Security Suite
cpe:/a:trendmicro:interscan_web_security_suite
for Linux 1.02
for Solaris 1.1
for Windows 1.01
Turbolinux, Inc.
Turbolinux Appliance Server
cpe:/o:turbolinux:turbolinux_appliance_server
1.0 (hosting)
1.0 (workgroup)
2.0
Turbolinux, Inc.
Turbolinux FUJI
cpe:/o:turbolinux:turbolinux_fuji
Turbolinux, Inc.
Turbolinux Multimedia
cpe:/o:turbolinux:turbolinux_multimedia
Turbolinux, Inc.
Turbolinux Personal
cpe:/o:turbolinux:turbolinux_personal
Turbolinux, Inc.
Turbolinux Server
cpe:/o:turbolinux:turbolinux_server
10
10 (x64)
11
11 (x64)
8
Turbolinux, Inc.
wizpy
cpe:/o:turbolinux:turbolinux_wizpy
Low
2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
When communication using OpenSSL passes through a path controlled by an attacker, the attacker conducting a man-in-the-middle (MITM) attack can force a client and a server to negotiate the SSL 2.0 protocol, even if both parties support SSL 3.0 or TLS 1.0, in order to intercept or alter data.
FUJITSU Security Information
20061024
http://www.fmworld.net/biz/common/peripherals/20061024/
FUJITSU Security Information
JVN#23632449
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-23632449.html
FutureNet Support
JVN#23632449
http://www.centurysys.co.jp/support/JVN23632449.htm
Hitachi Software Vulnerability Information
HS06-022
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS06-022/index.html
HP Security Bulletin
HPSBUX02174
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
HP Security Bulletin
HPSBUX02186
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
MIRACLE LINUX Update Information
AXSA-2005-97:1
http://www.miraclelinux.com/support/update/list.php?errata_id=214
OpenSSL Security Advisory
secadv_20051011
http://www.openssl.org/news/secadv_20051011.txt
Red Hat Security Advisory
RHSA-2005:800
https://rhn.redhat.com/errata/RHSA-2005-800.html
Sun Alert Notification
101974
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
Trend Micro ReadMe Documentation
readme_iwss102_lin_patch4_b2013
http://www.trendmicro.co.jp/support/ucmodule/iwss/lin/10/readme_iwss102_lin_patch4_b2013.txt
Trend Micro ReadMe Documentation
isux_381_sol_en_patch4_readme
http://www.trendmicro.com/ftp/documentation/readme/isux_381_sol_en_patch4_readme.txt
Trend Micro ReadMe Documentation
isux_38_sol_en_patch4_readme
http://www.trendmicro.com/ftp/documentation/readme/isux_38_sol_en_patch4_readme.txt
Trend Micro ReadMe Documentation
readme_imss511_sol_patch4
http://www.trendmicro.co.jp/support/ucmodule/imss/sol/511p/readme_imss511_sol_patch4.txt
Trend Micro ReadMe Documentation
readme_imss511_lin_patch4
http://www.trendmicro.co.jp/support/ucmodule/imss/lin/511p/readme_imss511_lin_patch4.txt
Trend Micro ReadMe Documentation
readme_iwss101_win_patch4_b1502
http://www.trendmicro.co.jp/support/ucmodule/iwss/win/10/readme_iwss101_win_patch4_b1502.txt
Trend Micro ReadMe Documentation
readme_iwss11_sol_patch4_b1126
http://www.trendmicro.co.jp/support/ucmodule/iwss/sol/11p/readme_iwss11_sol_patch4_b1126.txt
Turbolinux Security Advisory
TLSA-2007-52
http://www.turbolinux.com/security/2007/TLSA-2007-52.txt
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
FrSIRT Advisories
FrSIRT/ADV-2005-2036
http://www.frsirt.com/english/advisories/2005/2036
JVN
JVN#23632449
http://jvn.jp/en/jp/JVN23632449/index.html
National Vulnerability Database (NVD)
CVE-2005-2969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969
Secunia Advisory
SA17151
http://secunia.com/advisories/17151/
SecuriTeam
6Y00D0AEBW
http://www.securiteam.com/securitynews/6Y00D0AEBW.html
SecurityFocus
15071
http://www.securityfocus.com/bid/15071
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
[2014/05/22] Affected Products : Products were added; Vendor Information : Content was added
2008-05-21T00:00:00+09:00
2014-05-22T18:04:21+09:00
2005-10-11T00:00:00+09:00
JVNDB-2005-000695
Ruby XMLRPC Server Denial of Service Vulnerability
The user-level thread supported in Ruby does not switch while writing to a socket. This in turn blocks all subsequent processes when specially crafted requests are sent to the Web server and could result in a denial of service.
Cybertrust Japan Co., Ltd.
Asianux Server
cpe:/o:misc:miraclelinux_asianux_server
4.0
4.0 (x86-64)
Red Hat, Inc.
Red Hat Enterprise Linux
cpe:/o:redhat:enterprise_linux
4 (as)
4 (es)
4 (ws)
Red Hat, Inc.
Red Hat Enterprise Linux Desktop
cpe:/o:redhat:enterprise_linux_desktop
4.0
Ruby
Ruby
cpe:/a:ruby-lang:ruby
1.8.2 and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
An attacker could cause a Denial of Service (DoS) condition on the Web services using WEBrick/XMLRPC.
Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
MIRACLE LINUX Update Information
ruby (V4.0)
http://www.miraclelinux.com/support/update/list.php?errata_id=366
Red Hat Security Advisory
RHSA-2006:0427
https://rhn.redhat.com/errata/RHSA-2006-0427.html
Ruby
WEBrick DoS vulnerability
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/26405
Ruby
Webrick DoS
http://www.ruby-lang.org/ja/news/2005/11/21/20051121
Ruby
webrick, xmlrpc
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787
Common Vulnerabilities and Exposures (CVE)
CVE-2006-1931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
ISS X-Force Database
26102
http://xforce.iss.net/xforce/xfdb/26102
National Vulnerability Database (NVD)
CVE-2006-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1931
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
24972
http://www.osvdb.org/24972
Secunia Advisory
SA16904
http://secunia.com/advisories/16904/
SecurityFocus
17645
http://www.securityfocus.com/bid/17645
SecurityTracker
1015978
http://securitytracker.com/id?1015978
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-11-21T00:00:00+09:00
JVNDB-2005-000705
Fujitsu Java Runtime Environment reflection API vulnerability
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
IBM Corporation
IBM SDK, Java
cpe:/a:ibm:java_sdk
1.3 and earlier
1.4.2 and earlier
Sun Microsystems, Inc.
JDK
cpe:/a:sun:jdk
5.0 Update 3 and earlier
Sun Microsystems, Inc.
JRE
cpe:/a:sun:jre
5.0 Update 3 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
If a user downloads and executes a specially crafted applet, a remote attacker could access local files with elevated privileges or execute arbitrary code with the privileges of the user running the applet.
IBM Support Document
1225628
http://www-1.ibm.com/support/docview.wss?uid=swg21225628
Sun Alert Notification
201102
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201102-1
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3904
FrSIRT Advisories
FrSIRT/ADV-2005-2636
http://www.frsirt.com/english/advisories/2005/2636
JVN
JVN#15972537
http://jvn.jp/en/jp/JVN15972537/index.html
National Vulnerability Database (NVD)
CVE-2005-3904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3904
Secunia Advisory
SA17748
http://secunia.com/advisories/17748/
SecurityFocus
15615
http://www.securityfocus.com/bid/15615
US-CERT Vulnerability Note
VU#931684
http://www.kb.cert.org/vuls/id/931684
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-11-28T00:00:00+09:00
JVNDB-2005-000706
Fujitsu Java Runtime Environment reflection API vulnerability
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
IBM Corporation
IBM SDK, Java
cpe:/a:ibm:java_sdk
1.3 and earlier
1.4.1 and earlier
Sun Microsystems, Inc.
JDK
cpe:/a:sun:jdk
5.0 Update 3 and earlier
Sun Microsystems, Inc.
JRE
cpe:/a:sun:jre
1.3.1_15 and earlier
1.4.2_08 and earlier
5.0 Update 3 and earlier
Sun Microsystems, Inc.
SDK
cpe:/a:sun:sdk
1.3.1_15 and earlier
1.4.2_08 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
If a user downloads and executes a specially crafted applet, a remote attacker could access local files with elevated privileges or execute arbitrary code with the privileges of the user running the applet.
IBM Support Document
1225628
http://www-1.ibm.com/support/docview.wss?uid=swg21225628
Sun Alert Notification
201372
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201372-1
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3905
FrSIRT Advisories
FrSIRT/ADV-2005-2636
http://www.frsirt.com/english/advisories/2005/2636
JVN
JVN#15972537
http://jvn.jp/en/jp/JVN15972537/index.html
National Vulnerability Database (NVD)
CVE-2005-3905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3905
Secunia Advisory
SA17748
http://secunia.com/advisories/17748/
SecurityFocus
15615
http://www.securityfocus.com/bid/15615
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-11-28T00:00:00+09:00
JVNDB-2005-000707
Fujitsu Java Runtime Environment reflection API vulnerability
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
IBM Corporation
IBM SDK, Java
cpe:/a:ibm:java_sdk
1.3 and earlier
1.4.1 and earlier
Sun Microsystems, Inc.
JDK
cpe:/a:sun:jdk
5.0 Update 3 and earlier
Sun Microsystems, Inc.
JRE
cpe:/a:sun:jre
1.4.2_08 and earlier
5.0 Update 3 and earlier
Sun Microsystems, Inc.
SDK
cpe:/a:sun:sdk
1.4.2_08 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
If a user downloads and executes a specially crafted applet, a remote attacker could access local files with elevated privileges or execute arbitrary code with the privileges of the user running the applet.
IBM Support Document
1225628
http://www-1.ibm.com/support/docview.wss?uid=swg21225628
Sun Alert Notification
201372
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201372-1
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3906
FrSIRT Advisories
FrSIRT/ADV-2005-2636
http://www.frsirt.com/english/advisories/2005/2636
JVN
JVN#15972537
http://jvn.jp/en/jp/JVN15972537/index.html
National Vulnerability Database (NVD)
CVE-2005-3906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3906
Secunia Advisory
SA17748
http://secunia.com/advisories/17748/
SecurityFocus
15615
http://www.securityfocus.com/bid/15615
US-CERT Vulnerability Note
VU#974188
http://www.kb.cert.org/vuls/id/974188
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-11-28T00:00:00+09:00
JVNDB-2005-000727
mod_imap cross-site scripting vulnerability
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.
Apache Software Foundation
Apache HTTP Server
cpe:/a:apache:http_server
1.3.34 and earlier
2.0.55 and earlier
2.2.0
Apple Inc.
Apple Mac OS X
cpe:/o:apple:mac_os_x
v10.4.11
Apple Inc.
Apple Mac OS X Server
cpe:/o:apple:mac_os_x_server
v10.4.11
v10.5.2
Cybertrust Japan Co., Ltd.
Asianux Server
cpe:/o:misc:miraclelinux_asianux_server
3.0
3.0 (x86-64)
4.0
4.0 (x86-64)
Hewlett-Packard Development Company,L.P
HP-UX
cpe:/o:hp:hp-ux
11.00
11.04
11.11
11.23
Hitachi, Ltd
Cosminexus Application Server Enterprise
cpe:/a:hitachi:cosminexus_application_server_enterprise
Version 6
Hitachi, Ltd
Cosminexus Application Server Standard
cpe:/a:hitachi:cosminexus_application_server_standard
Version 6
Hitachi, Ltd
Cosminexus Application Server Version 5
cpe:/a:hitachi:cosminexus_application_server_version_5
Hitachi, Ltd
Cosminexus Developer Light Version 6
cpe:/a:hitachi:cosminexus_developer_light_version_6
Hitachi, Ltd
Cosminexus Developer Professional Version 6
cpe:/a:hitachi:cosminexus_developer_professional_version_6
Hitachi, Ltd
Cosminexus Developer Standard Version 6
cpe:/a:hitachi:cosminexus_developer_standard_version_6
Hitachi, Ltd
Cosminexus Developer Version 5
cpe:/a:hitachi:cosminexus_developer_version_5
Hitachi, Ltd
Cosminexus Server - Enterprise Edition
cpe:/a:hitachi:cosminexus_server_-_enterprise_edition
Hitachi, Ltd
Cosminexus Server - Standard Edition
cpe:/a:hitachi:cosminexus_server_-_standard_edition
Hitachi, Ltd
Cosminexus Server - Standard Edition Version 4
cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4
Hitachi, Ltd
Cosminexus Server - Web Edition
cpe:/a:hitachi:cosminexus_server_-_web_edition
Hitachi, Ltd
Cosminexus Server - Web Edition Version 4
cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4
Hitachi, Ltd
Hitachi Web Server
cpe:/a:hitachi:hitachi_web_server
- Custom Edition
- Security Enhancement
for VOS3
Hitachi, Ltd
uCosminexus Application Server Enterprise
cpe:/a:hitachi:ucosminexus_application_server_enterprise
Hitachi, Ltd
uCosminexus Application Server Smart Edition
cpe:/a:hitachi:ucosminexus_application_server_smart_edition
Hitachi, Ltd
uCosminexus Application Server Standard
cpe:/a:hitachi:ucosminexus_application_server_standard
Hitachi, Ltd
uCosminexus Developer
cpe:/a:hitachi:ucosminexus_developer
Professional
Hitachi, Ltd
uCosminexus Developer Light
cpe:/a:hitachi:ucosminexus_developer_light
Hitachi, Ltd
uCosminexus Developer Standard
cpe:/a:hitachi:ucosminexus_developer_standard
Hitachi, Ltd
uCosminexus Service Architect
cpe:/a:hitachi:ucosminexus_service_architect
Hitachi, Ltd
uCosminexus Service Platform
cpe:/a:hitachi:ucosminexus_service_platform
IBM Corporation
IBM HTTP Server
cpe:/a:ibm:http_server
1.3.26.x
1.3.28.x
2.0.42.x
2.0.47.x
6.0.x
Oracle Corporation
Oracle HTTP Server
cpe:/a:oracle:http_server
10.1.3.5.0
Red Hat, Inc.
Red Hat Enterprise Linux
cpe:/o:redhat:enterprise_linux
2.1 (as)
2.1 (es)
2.1 (ws)
3 (as)
3 (es)
3 (ws)
4 (as)
4 (es)
4 (ws)
Red Hat, Inc.
Red Hat Linux Advanced Workstation
cpe:/o:redhat:linux_advanced_workstation
2.1
Sun Microsystems, Inc.
Sun Solaris
cpe:/o:sun:solaris
10 (sparc)
10 (x86)
8 (sparc)
8 (x86)
9 (sparc)
9 (x86)
Turbolinux, Inc.
Turbolinux
cpe:/o:turbolinux:turbolinux
10_f
Turbolinux, Inc.
Turbolinux Desktop
cpe:/o:turbolinux:turbolinux_desktop
10
Turbolinux, Inc.
Turbolinux FUJI
cpe:/o:turbolinux:turbolinux_fuji
Turbolinux, Inc.
Turbolinux Home
cpe:/o:turbolinux:turbolinux_home
Turbolinux, Inc.
Turbolinux Multimedia
cpe:/o:turbolinux:turbolinux_multimedia
Turbolinux, Inc.
Turbolinux Personal
cpe:/o:turbolinux:turbolinux_personal
Turbolinux, Inc.
Turbolinux Server
cpe:/o:turbolinux:turbolinux_server
10
10 (x64)
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where mod_imap or mod_imagemap is used.
Apache httpd 1.3 vulnerabilities
1.3.35
http://httpd.apache.org/security/vulnerabilities_13.html#1.3.35
Apache httpd 2.0 vulnerabilities
2.0.58
http://httpd.apache.org/security/vulnerabilities_20.html#2.0.58
Apache httpd 2.2 vulnerabilities
2.2.2
http://httpd.apache.org/security/vulnerabilities_22.html#2.2.2
Apple Security Updates
Security Update 2008-002
http://support.apple.com/kb/HT1249
Apple Security Updates
Security Update 2008-003
http://support.apple.com/kb/HT1897
Changes with Apache
1.3.35
http://www.apache.org/dist/httpd/CHANGES_1.3
Changes with Apache
2.0.58
http://www.apache.org/dist/httpd/CHANGES_2.0
Changes with Apache
2.2.2
http://www.apache.org/dist/httpd/CHANGES_2.2
Hitachi Software Vulnerability Information
HS06-022
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS06-022/index.html
HP Security Bulletin
HPSBUX02145
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00760969
HP Security Bulletin
HPSBUX02164
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00794047
HP Security Bulletin
HPSBUX02172
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00797078
IBM Support Document
PK16139
http://www-1.ibm.com/support/docview.wss?uid=swg1PK16139
IBM Support Document
4012511
http://www-1.ibm.com/support/docview.wss?uid=swg24012511
MIRACLE LINUX Update Information
AXSA-2006-6:1
http://www.miraclelinux.com/support/update/list.php?errata_id=324
Oracle Critical Patch Update
Oracle Critical Patch Update Advisory - July 2013
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Oracle Critical Patch Update
Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices
http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html
Red Hat Security Advisory
RHSA-2006:0159
https://rhn.redhat.com/errata/RHSA-2006-0159.html
Red Hat Security Advisory
RHSA-2006:0158
https://rhn.redhat.com/errata/RHSA-2006-0158.html
SECURITY BLOG
July 2013 Critical Patch Update Released
https://blogs.oracle.com/security/entry/july_2013_critical_patch_update
Sun Alert Notification
102662
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
Sun Alert Notification
102663
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1
Turbolinux Security Advisory
TLSA-2006-1
http://www.turbolinux.com/security/2006/TLSA-2006-1.txt
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
JVN
JVN#06045169
http://jvn.jp/en/jp/JVN06045169/index.html
National Vulnerability Database (NVD)
CVE-2005-3352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352
SecurityFocus
15834
http://www.securityfocus.com/bid/15834
US-CERT Cyber Security Alerts
SA08-079A
http://www.us-cert.gov/cas/alerts/SA08-079A.html
US-CERT Cyber Security Alerts
SA08-150A
http://www.us-cert.gov/cas/alerts/SA08-150A.html
US-CERT Technical Cyber Security Alert
TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
US-CERT Technical Cyber Security Alert
TA08-079A
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published\n[2008/06/06]\n Affected Products : Added Apple Inc (Security Update 2008-002)\n Vendor Information : Added Apple Inc (Security Update 2008-002)\n[2008/06/17]\n Vendor Information : Added Apple Inc (Security Update 2008-003)\n[2013/07/18]\n Affected Products : Product of Oracle was added\n Vendor Information : Contents of Oracle were added\n[2014/05/22]\n Affected Products : Products were added\n Vendor Information : Content was added
2008-05-21T00:00:00+09:00
2014-05-22T18:03:56+09:00
2005-12-12T00:00:00+09:00
JVNDB-2005-000756
Tsuru-Kame Mail vulnerable in S/MIME signature verification
Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification:
- S/MIME signature verification does not verify the certification path.
- S/MIME signature verification does not verify the certification expiration date.
The name of the software "Tsuru-Kame Mail" was changed to "Hidemaru Mail" on August 10, 2005.
Saitoh Kikaku
Hidemaru Mail
cpe:/a:hidemaru:hidemaru_mail
earlier than v4.00
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
The user cannot notice a forged email signed by a malicious certificate.
Hidemaruo's Homepage
hide.maruo
http://hide.maruo.co.jp/software/tk.html
JVN
JVN#E59B594B
http://jvn.jp/en/jp/JVNE59B594B/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-10-28T00:00:00+09:00
JVNDB-2005-000757
Cybozu Office browser script execution vulnerability
The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script.
Cybozu, Inc.
Cybozu Office
cpe:/a:cybozu:office
6.1 (1.0) and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
If a Cybozu Office user logs into the system and opens an email containing exploit code sent by a remote attacker using the web mail function, cookies in the browser could be stolen. As Cybozu Office stores login session ID information in an HTTP cookie, an attacker could exploit this vulnerability to hijack a session by stealing the session ID.
Cybozu
498
http://cbdb.cybozu.co.jp/cgi-bin/db.cgi?page=DBRecord&did=559&qid=all&vid=&rid=498&fvid=126
JVN
JVN#8F8B1C85
http://jvn.jp/en/jp/JVN8F8B1C85/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-02-07T00:00:00+09:00
JVNDB-2005-000758
msearch directory traversal vulnerability
msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers.
kiteya.net
msearch
cpe:/a:misc:kiteya_msearch
ver.1.50 and 1.51
Unicode version of msearch
Unicode msearch
cpe:/a:msearch:unicode_msearch
ver.1.51
Medium
5
AV:N/AC:L/Au:N/C:P/I:N/A:N
A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files.
marbacka.net
Top Page
http://www.marbacka.net/msearch/
msearch
8BAAAB4E
http://www.kiteya.net/script/msearch/8BAAAB4E.html
JVN
JVN#8BAAAB4E
http://jvn.jp/en/jp/JVN8BAAAB4E/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-03-08T00:00:00+09:00
JVNDB-2005-000759
McAfee VirusScan Engine buffer overflow vulnerability
McAfee VirusScan Engine contains a buffer overflow vulnerability.
McAfee
McAfee Scan Engine
cpe:/a:mcafee:scan_engine
v.4320 (any McAfee Antivirus products using the 4320 engine with DAT version less than 4436)
Medium
5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C
A buffer overflow may occur when scanning a malformed LHA file.
McAfee
McAfee Security Bulletin
http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf
Common Vulnerabilities and Exposures (CVE)
CVE-2005-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0644
JVN
JVN#1F649902
http://jvn.jp/en/jp/JVN1F649902/index.html
National Vulnerability Database (NVD)
CVE-2005-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0644
SecurityFocus
12832
http://www.securityfocus.com/bid/12832
SecurityTracker
1013463
http://securitytracker.com/id?1013463
US-CERT Vulnerability Note
VU#361180
http://www.kb.cert.org/vuls/id/361180
X-Force Security Alerts and Advisories
190
http://xforce.iss.net/xforce/alerts/id/190
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-03-18T00:00:00+09:00
JVNDB-2005-000760
McAfee VirusScan Engine buffer overflow vulnerability
McAfee VirusScan Engine contains a buffer overflow vulnerability.
McAfee
McAfee Scan Engine
cpe:/a:mcafee:scan_engine
v.4320 (any McAfee Antivirus products using the 4320 engine with DAT version less than 4436)
Medium
5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C
A buffer overflow may occur when scanning a malformed LHA file.
McAfee
McAfee Security Bulletin
http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf
Common Vulnerabilities and Exposures (CVE)
CVE-2005-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0643
JVN
JVN#1F649902
http://jvn.jp/en/jp/JVN1F649902/index.html
National Vulnerability Database (NVD)
CVE-2005-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0643
Secunia Advisory
SA14628
http://secunia.com/advisories/14628
SecurityFocus
10243
http://www.securityfocus.com/bid/10243
US-CERT Vulnerability Note
VU#361180
http://www.kb.cert.org/vuls/id/361180
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-03-18T00:00:00+09:00
JVNDB-2005-000761
Norton AntiVirus causes abnormal OS termination when a user edits a shared network file
Symantec Norton AntiVirus 2005 contains a vulnerability which could cause abnormal OS termination if a user running the vulnerable Norton AntiVirus edits a file in the shared network folder if "SmartScan" is chosen in the "Which file types to scan for viruses" setting.
Symantec Corporation
Norton AntiVirus
cpe:/a:symantec:norton_antivirus
2005
Symantec Corporation
Norton Internet Security
cpe:/a:symantec:norton_internet_security
2005
Symantec Corporation
Norton SystemWorks
cpe:/a:symantec:norton_system_works
2005 (Premier)
Medium
4
AV:L/AC:H/Au:N/C:N/I:N/A:C
When a file in the shared network folder is edited, abnormal OS termination could occur.
Symantec Security Advisory
SYM05-006
http://www.symantec.com/avcenter/security/Content/2005.03.28.html
Common Vulnerabilities and Exposures (CVE)
CVE-2005-0923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0923
JVN
JVN#23D7E89F
http://jvn.jp/en/jp/JVN23D7E89F/index.html
National Vulnerability Database (NVD)
CVE-2005-0923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0923
Secunia Advisory
SA14741
http://secunia.com/advisories/14741
SecurityFocus
12924
http://www.securityfocus.com/bid/12924
SecurityTracker
1013586
http://securitytracker.com/id?1013586
SecurityTracker
1013587
http://securitytracker.com/id?1013587
SecurityTracker
1013585
http://securitytracker.com/id?1013585
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-03-29T00:00:00+09:00
JVNDB-2005-000762
Norton AntiVirus causes abnormal OS termination when scanning illegal files
Symantec Norton AntiVirus 2004 and 2005 contain a vulnerability that causes an abnormal operating system termination of a computer, when their real-time scan feature is enabled and examining a file with a specially crafted file header.
Symantec Corporation
Norton AntiVirus
cpe:/a:symantec:norton_antivirus
2004
2005
Symantec Corporation
Norton Internet Security
cpe:/a:symantec:norton_internet_security
2004 (Professional)
2005
Symantec Corporation
Norton SystemWorks
cpe:/a:symantec:norton_system_works
2004 (Professional)
2005 (Premier)
High
7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
An attacker could cause an abnormal OS termination by sending a file with a specially crafted file header.
Symantec Security Advisory
SYM05-006
http://www.symantec.com/avcenter/security/Content/2005.03.28.html
Common Vulnerabilities and Exposures (CVE)
CVE-2005-0922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0922
JVN
JVN#C45D8EAD
http://jvn.jp/en/jp/JVNC45D8EAD/index.html
National Vulnerability Database (NVD)
CVE-2005-0922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0922
Secunia Advisory
SA14741
http://secunia.com/advisories/14741
SecurityFocus
12923
http://www.securityfocus.com/bid/12923
SecurityTracker
1013586
http://securitytracker.com/id?1013586
SecurityTracker
1013587
http://securitytracker.com/id?1013587
SecurityTracker
1013585
http://securitytracker.com/id?1013585
US-CERT Vulnerability Note
VU#146020
http://www.kb.cert.org/vuls/id/146020
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-03-29T00:00:00+09:00
JVNDB-2005-000764
Website connection problem when a mobile phone terminal uses specific QR code
Mobile phone terminals supporting the two-dimensional code (QR code) read function are reported to have a website connection problem. When a specific QR code is read, even if a user tries to connect to the URL string in the first line of the two URL lines displayed, the connection is established with the second URL. This problem has been reported for KDDI mobile phones. The developer provides countermeasure information although they judged that this problem is not a vulnerability. JVN has publicized this issue in coordination with the developer to make it known to users.
KDDI
Barcode Reader (two dimension)
cpe:/a:kddi:barcode_reader_2d
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
When a specific QR code is read, a connection could be established with an unintended site (the site displayed in the second line).
au info
20050414
http://www.au.kddi.com/news/information/au_info_20050414.html
JVN
JVN#9ADCBB12
http://jvn.jp/en/jp/JVN9ADCBB12/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-04-14T00:00:00+09:00
JVNDB-2005-000765
Buffalo router configuration management interface vulnerable to remote access and password leakage
Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also use the save settings function to obtain the user's ISP account and password information.
BUFFALO INC.
BUFFALO BBR-4HG
cpe:/h:buffalo_inc:bbr-4hg
firmware version 1.04 and earlier
BUFFALO INC.
BUFFALO BBR-4MG
cpe:/h:buffalo_inc:bbr-4mg
firmware version 1.04 and earlier
Medium
6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Configurations could be changed by a remote attacker. Because the saved configuration stores the user's ISP account and password information in plain-text format, a remote attacker could steal this information and impersonate the user to gain illegal access.
BUFFALO
BBR-4HG Firmware
http://buffalo.jp/download/driver/lan/bbr4hg.html
BUFFALO
BBR-4MG Firmware
http://buffalo.jp/download/driver/lan/bbr4mg.html
JVN
JVN#55023557
http://jvn.jp/en/jp/JVN55023557/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-04-15T00:00:00+09:00
JVNDB-2005-000766
w3ml cross-site scripting vulnerability
w3ml, a program used to display mailing list logs on the web site, contains a cross-site scripting vulnerability.
tmtm.org
w3ml
cpe:/a:misc:w3ml
-0.4-20020625 and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information.
tmtm.org
w3ml
http://www.tmtm.org/ruby/w3ml/
JVN
JVN#97757029
http://jvn.jp/en/jp/JVN97757029/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-04-19T00:00:00+09:00
JVNDB-2005-000767
WebUD arbitrary program execution vulnerability
WebUD, a web accessibility support tool, contains a vulnerability in its components that are automatically executed on it, which may allow execution of arbitrary code when a user accesses a malicious website.
FUJITSU
WebUD
cpe:/a:fujitsu:webud
version V01L10
Medium
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
A remote attacker could execute an arbitrary program, or read or overwrite user's files.
FUJITSU Security Information
Security
http://segroup.fujitsu.com/consulting/strategy/accessibility/webud/alert.html
JVN
JVN#A7DA6818
http://jvn.jp/en/jp/JVNA7DA6818/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-04-22T00:00:00+09:00
JVNDB-2005-000768
Movable Type session management vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access.
Six Apart, Ltd.
Movable Type
cpe:/a:sixapart:movabletype
3.151-ja and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
A remote attacker could freely manipulate a web log by posting or deleting blog entries.
MOVABLETYPE NEWS
2005/05/12-1500
http://www.sixapart.jp/movabletype/news/2005/05/12-1500.html
JVN
JVN#74012178
http://jvn.jp/en/jp/JVN74012178/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-05-12T00:00:00+09:00
JVNDB-2005-000769
Virus Security heap overflow vulnerability
SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails.
SOURCENEXT CORPORATION
Virus Security
cpe:/a:sourcenext:virus_security
2.0.0.9 (K7SpmSrc.exe) and earlier (Virus Security version 7.7.1120 and earlier)
Critical
10
AV:N/AC:L/Au:N/C:C/I:C/A:C
A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege.
SOURCENEXT CORPORATION
Heap Overflow (2005/5/12)
http://sec.sourcenext.info/support/bulletin.html
JVN
JVN#8EDB8A96
http://jvn.jp/en/jp/JVN8EDB8A96/index.html
0
2018-02-17T10:37:53+09:00
[2007/04/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-05-12T00:00:00+09:00
JVNDB-2005-000770
Virus Security memory leak vulnerability
SourceNext Virus Security has a problem in processing a specially crafted email. When the email has a virus as an attachment and Virus Security detects that virus, a memory leak occurs.
SOURCENEXT CORPORATION
Virus Security
cpe:/a:sourcenext:virus_security
2005 2.0.0.9 (K7SpmSrc.exe) and earlier
2005 version 7.7.1120 and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
A remote attacker may conduct a denial of service (DoS) attack.
SOURCENEXT CORPORATION
Security
http://sec.sourcenext.info/support/bulletin.html
JVN
JVN#A45697B1
http://jvn.jp/en/jp/JVNA45697B1/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-05-12T00:00:00+09:00
JVNDB-2005-000771
Wiki clone cross-site scripting vulnerability
Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user.
AsWiki
AsWiki
cpe:/a:misc:aswiki
(attach plugin)
FreeStyleWiki Project
FreeStyleWiki
cpe:/a:fswiki:wiki
3.5.7 and earlier
FreeStyleWiki Project
FSWikiLite
cpe:/a:fswiki:wikilite
0.0.10 and earlier
Hiki Development Team
Hiki
cpe:/a:hiki:hiki
0.6.5 and earlier
PukiWiki Developers Team.
PukiWiki
1.3.x, 1.4.x
Wiki Modoki
Wiki modoki
cpe:/a:misc:wiki_modoki
20050205
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
An arbitrary script may be executed on the browser of the user who viewed an attached file.
ASDP
AsWiki
http://www.assist.media.nagoya-u.ac.jp/ASDP/aswiki.cgi/AsWiki
FreeStyleWiki
2005-5-19
http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2005%2D5%2D19
Hiki News
Hiki Advisory 2005-05-19
http://hikiwiki.org/ja/advisory20050519.html
PukiWiki Errata
Default setting of file-attaching function allows XSS (- 1.4.5_1)
http://pukiwiki.sourceforge.jp/index.php?PukiWiki/Errata#qf91cd08
Wiki Modoki Security Information
2005-05-19
http://moonrock.jp/~don/wikimodoki/security.html#ID-.A5.DA.A1.BC.A5.B8.A4.D8.C5.BA.C9.D5.A4.B7.A4.BF.A5.D5.A5.A1.A5.A4.A5.EB.A4.CB.A4.E8.A4.EB.C0.C8.BC.E5.C0.AD.20.282005-05-19.29
JVN
JVN#465742E4
http://jvn.jp/en/jp/JVN465742E4/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-05-19T00:00:00+09:00
JVNDB-2005-000772
Inappropriate interpretation of mailto URL scheme by mail client software
The mailto URL scheme is used to designate an Internet email address on a web page. Specifying an email address and body text using the mailto URL scheme gives a template for a mail message. Many mail clients have a function to set a field specified by the mailto URL scheme in a mail header. RFC2368, which defines the mailto URL scheme, points out the following in its Security Considerations section:
- A mail client should never send anything without complete disclosure to the user of the full message created based on descriptions of the mailto URL scheme.
- It should explicitly display any headers along with the message destination.
- It is inappropriate to set a header related to mail delivery based on descriptions of the mailto URL scheme.
However, some mail clients set the header related to mail delivery based on descriptions of the mailto URL scheme or do not explicitly display the full header. We published this issue on JVN in coordination with developers, to publicize the issue to users and mail client developers.
Allied Telesis
AT-Mail Server
cpe:/a:allied_telesis_k.k.:at-mail_server
Edcom Inc.
EdMax
cpe:/a:misc:edcom_edmax
Ver3.05 and earlier
Edcom Inc.
EdMax Free
cpe:/a:misc:edcom_edmax_free
Ver2.85.5F and earlier
JustSystems Corporation
Shuriken
cpe:/a:justsystems:shuriken
Pro3
Pro4
Orangesoft Inc.
Winbiff
cpe:/a:misc:orange_winbiff
V2.43PL1 and earlier
RIMARTS
Becky! Internet Mail
cpe:/a:rimarts_inc.:becky_internet_mail
Ver.2.21.01 and earlier
Saitoh Kikaku
Hidemaru Mail
cpe:/a:hidemaru:hidemaru_mail
Version4.12 and earlier
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
An email message may be sent to recipients to whom the user does not intend to send it.
Allied Telesis
20050620
http://www.allied-telesis.co.jp/support/list/faq/vuls/20050620.html
Becky! Internet Mail
Becky! Internet Mail Ver.2 (2.21.02)
http://www.rimarts.co.jp/becky.htm
EdMax Security Hall
2005/05/26
http://www.edcom.jp/edmax/edmsec.html
Hidemaruo's Homepage
news2005
http://hide.maruo.co.jp/news/oldnews/news2005.html
Orangesoft
V2.43PL1〜V2.50
http://www.orangesoft.co.jp/modules/pukiwiki/?winbiff_history#ct33_1_2
Shuriken Support Desk
shuriken
http://www.justsystem.co.jp/shuriken/guide/update.html
IETF
RFC2368: The mailto URL scheme
http://www.ietf.org/rfc/rfc2368.txt
JVN
JVN#FCAD9BD8
http://jvn.jp/en/jp/JVNFCAD9BD8/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-05-26T00:00:00+09:00
JVNDB-2005-000773
desknet's cross-site scripting vulnerability
If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVN#F88C2C13 (additional information to JVN#89DE2014).
NEOJAPAN,Inc.
desknet's
cpe:/a:neo_japan:desknets
version 4.2J R1.9
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
If a login ID, password, or session information is leaked, an attacker could impersonate a user to view email, alter configuration information, etc.
desknet's
http://www.desknets.com/help/ver45/webmail/003.html
http://www.desknets.com/help/ver45/webmail/003.html
JVN
JVN#0DC004F6
http://jvn.jp/en/jp/JVN0DC004F6/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-06-06T00:00:00+09:00
JVNDB-2005-000774
SFS cross-site scripting vulnerability
A cross-site scripting vulnerability exists in SFS (Server-type Filtering System) provided by the New Media Development Association.
New Media Development Association
SFS
cpe:/a:misc:nmda_sfs
Version 3.02
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
When SFS is used for web browsing and a browsing request is filtered, an arbitrary script could be executed on the user's web browser. This may allow a remote attacker to steal cookie information from a website.
New Media Development Association
Top Page
http://www.iajapan.org/rating/
New Media Development Association
SFS3.02a and 3.02a Update module
http://www.nmda.or.jp/enc/rating/details/newsinf.html#sfs32arel
New Media Development Association
Top Page
http://www.nmda.or.jp/
JVN
JVN#7B700088
http://jvn.jp/en/jp/JVN7B700088/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-06-10T00:00:00+09:00
JVNDB-2005-000775
Vulnerability involving security zone handling in applications using Internet Explorer components
Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content. As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the "Intranet" zone. However, we have confirmed that some applications using IE components may process web content in an inappropriate zone.
FUJITSU
ATLAS
cpe:/a:fujitsu:atlas
FUJITSU
ATLAS Translation
cpe:/a:fujitsu:atlas_translation
(personal)
(server)
FUJITSU
BizLingo
cpe:/a:fujitsu:bizlingo
FUJITSU
ES@SCHOOL
cpe:/a:fujitsu:es_at_school
FUJITSU
Hiragana Navi
cpe:/a:fujitsu:hiragana_navi
FUJITSU
Japanist
cpe:/a:fujitsu:japanist
FUJITSU
Rakuraku Browser
cpe:/a:fujitsu:rakuraku_browser
FUJITSU
Rakuraku Mail
cpe:/a:fujitsu:rakuraku_mail
FUJITSU
SIMPLIA/JF ClientMate
cpe:/a:fujitsu:simplia_jf_clientmate
FUJITSU
SIMPLIA/TF-WebTest
cpe:/a:fujitsu:simplia_tf-webtest
FUJITSU
Translation Surfin
cpe:/a:fujitsu:translation_surfin
Hitachi Software Engineering Co.,Ltd
DNASIS Pro
cpe:/a:hitachi:dnasis_pro
V1.0,V2.0,V2.2,V2.2.3,V2.2.5,V2.6,V2.6.1,V2.6.3
JustSystems Corporation
NETA's Seed
cpe:/a:justsystems:netas_seed
before 2005.07.12
YMIRLINK Inc.
Paper 2001
cpe:/a:misc:paper_2001
ver1.9 and earlier
YMIRLINK Inc.
Paper copi
cpe:/a:misc:paper_copi
ver2.37 and earlier
Medium
6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Arbitrary code could be executed in a zone with a low security level on a user's computer. This may allow a remote attacker to take complete control of the user's computer.
FUJITSU
257C6F28_zone
http://software.fujitsu.com/jp/security/vulnerabilities/257C6F28_zone.html
JUST SYSTEM
pd5001
http://www.justsystem.co.jp/info/pd5001.html
Kamilabo.jp Information
alert050712
http://www.kamilabo.jp/copi/alert050712.html
Life Science Solutions
iezone_issue
http://hitachisoft.jp/products/lifescience/support/patch/iezone_issue.htm
JVN
JVN#257C6F28
http://jvn.jp/en/jp/JVN257C6F28/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published\n[2010/10/12]\n Vendor Information : Added Hitachi Software Engineering Co.,Ltd (iezone_issue).
2008-05-21T00:00:00+09:00
2010-10-12T16:44:56+09:00
2005-07-12T00:00:00+09:00
JVNDB-2005-000776
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application that uses JCE failing to start. If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package. This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users. *1 JPCERT/CC coordinated this issue based on the publicly available information.
Adobe Inc.
Adobe ColdFusion
cpe:/a:adobe:coldfusion
mx 6.0
mx 6.1
mx 7
Adobe Inc.
Adobe JRun
cpe:/a:adobe:jrun
3.1 and 4
BEA Systems, Inc.
BEA WebLogic Express
cpe:/a:bea:weblogic_express
7.0
BEA Systems, Inc.
BEA WebLogic Platform
cpe:/a:bea:weblogic_platform
7.0
BEA Systems, Inc.
BEA WebLogic Server
cpe:/a:bea:weblogic_server
7.0
Cisco Systems, Inc.
Cisco WAN Manager (CWM)
cpe:/a:cisco:wan_manager
- 11.0.10
- 12.0.00
Cisco Systems, Inc.
CiscoWorks Host Solution Engine (HSE)
cpe:/h:cisco:hosting_solution_engine
- 1.7.3
Cisco Systems, Inc.
CiscoWorks Wireless LAN Solution Engine (CWWLSE)
cpe:/a:cisco:wireless_lan_solution_engine
1105 software - 2.7
1130 SOFTWARE - 2.7
Cognos ULC
Cognos Metrics Designer
Cognos ULC
Cognos ReportNet
FUJITSU
Interstage Application Server
cpe:/a:fujitsu:interstage_application_server
Enterprise Edition V4.0L10, V4.0L20 (Windows)
Enterprise Edition V5.0L10, V5.0L10A, V5.0L10B (Windows)
Standard Edition 4.0, 4.1 (Solaris,Linux)
Standard Edition 5.0, 5.0.1 (Solaris,Linux)
Standard Edition V4.0L10, V4.0L20 (Windows)
Standard Edition V5.0L10, V5.0L10A, V5.0L10B (Windows)
FUJITSU
PowerChute
cpe:/a:fujitsu:powerchute
(business) v6.1.2J
FUJITSU
PRIMERGY
cpe:/h:fujitsu:primergy
TX150 all in one type
TX200 all in one type
Hitachi, Ltd
Cosminexus Server
cpe:/a:hitachi:cosminexus_server
Enterprise Edition
Standard Edition
Web Edition
Hitachi, Ltd
Cosminexus Web Contents Generator
cpe:/a:hitachi:cosminexus_web_contents_generator
01-02
Hitachi, Ltd
HA8000 Series
cpe:/h:hitachi:ha8000
IBM Corporation
IBM JCE
cpe:/a:ibm:java_jce
1.2.1
IBM Corporation
IBM JDK
cpe:/a:ibm:java_jdk
IBM Corporation
IBM JRE
cpe:/a:ibm:java_jre
Infoteria Corporation
ASTERIA R2 Flow Builder
cpe:/a:misc:infoteria_asteria_r2_flow_builder
Infoteria Corporation
ASTERIA R2 Server
cpe:/a:misc:infoteria_asteria_r2_server
all platforms except Linux
McAfee
McAfee IntruShield
cpe:/h:mcafee:intrushield_security_management_system
v1.8, v1.9, v2.1
NEC Corporation
ESMPRO/UPSManager
cpe:/a:nec:esmpro_upsmanager
ver2.0
NEC Corporation
PowerChute
cpe:/a:nec:powerchute
(business) v6.1.x
Schneider Electric
PowerChute
cpe:/a:apc:powerchute
(business) v6.1, v6.1.1, v6.1.2
Sun Microsystems, Inc.
J2SE
cpe:/a:sun:j2se
1.2.x and 1.3.x
Sun Microsystems, Inc.
JCE
cpe:/a:sun:jce
1.2.1
Low
2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P
Problems, such as a Java application using JCE 1.2.1 failing to start, may occur after 6:43 (JST, +0900) on July 28, 2005.
Adobe
Top Page
http://www.adobe.com/
APC
Top Page
http://www.apc.com/
BEA Security Advisory
BEA05-83.00
http://dev2dev.bea.com/pub/advisory/136
Cisco Field Notice
Document ID: 65705
http://www.cisco.com/en/US/products/sw/cscowork/ps3915/products_field_notice09186a00804cf5d3.shtml
COGNOS SOFTWARE SERVICES
jce_notice
http://support.cognos.com/ja/support/products/jce_notice.html
FUJITSU
PRIMERGY
http://primeserver.fujitsu.com/primergy/note/page03.html
FUJITSU Security Information
Interstage
http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200504.html
Hitachi Software Vulnerability Information
HS05-015
http://www.hitachi-support.com/security_e/vuls_e/HS05-015_e/01-e.html
IBM
PQ85933
http://www-1.ibm.com/support/docview.wss?uid=swg1PQ85933
Infoteria
AS-05052-Updated-20050621
http://infosupport.infoteria.co.jp/iwebsite/htdocs/work/AS-05052-Updated-20050621.html
Infoteria Support Center
ASTERIA R2
http://infosupport.infoteria.co.jp/iwebsite/portal/media-type/html/user/anon/page/default.psml?newscd=cc236982-8ec4-4f06-8c33-ced9be59b5dc
McAfee
Top Page
http://www.mcafee.com/us/
NEC Security Information
NV05-024
http://www.nec.co.jp/security-info/secinfo/nv05-024.html
Sun Alert Notification
201158
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201158-1
JPCERT REPORT
JPCERT-WR-2005-2701
http://www.jpcert.or.jp/wr/2005/wr052701.txt
JVN
JVN#93926203
http://jvn.jp/en/jp/JVN93926203/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21]\n Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-07-13T00:00:00+09:00
JVNDB-2005-000778
QRcode Perl CGI & PHP script vulnerable to denial of service attack
QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, server resources could be consumed excessively until the server becomes unable to respond to requests from clients, which could also affect other processes running on the server.
Y.Swetake (swetake.com)
QRcode Perl/CGI & PHP scripts
cpe:/a:misc:swetake_qrcode_perl_cgi_php_scripts
ver. 0.50f and earlier (including both Perl versions and PHP versions)
Medium
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
A remote attacker may cause a denial of service (DoS).
swetake.com
QRcode Perl CGI & PHP scripts ver. 0.50
http://www.swetake.com/qr/qr_cgi.html
swetake.com
QRcode Perl CGI & PHP scripts DoS
http://www.swetake.com/security/sjf98ty23219h94/info.html
JVN
JVN#29273468
http://jvn.jp/en/jp/JVN29273468/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-07-28T00:00:00+09:00
JVNDB-2005-000779
Hiki cross-site scripting vulnerability
Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
Hiki Development Team
Hiki
cpe:/a:hiki:hiki
0.8.0 - 0.8.2
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A remote attacker could create content containing attack code and take over a session by stealing the session ID of a user who is logged into the system. If the user is logged in as the administrator, the remote attacker could manipulate configurations.
Hiki News
Hiki Advisory 2005-08-04
http://hikiwiki.org/en/advisory20050804.html
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2803
JVN
JVN#38138980
http://jvn.jp/en/jp/JVN38138980/index.html
National Vulnerability Database (NVD)
CVE-2005-2803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2803
SecurityFocus
15021
http://www.securityfocus.com/bid/15021
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-04T00:00:00+09:00
JVNDB-2005-000780
Hiki cross-site scripting vulnerability
Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
Hiki Development Team
Hiki
cpe:/a:hiki:hiki
0.8.0 - 0.8.2
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A remote attacker could create content containing attack code and take over a session by stealing the session ID of a user who is logged into the system. If the user is logged in as the administrator, the remote attacker could manipulate configurations.
Hiki News
Hiki Advisory 2005-08-04
http://hikiwiki.org/en/advisory20050804.html
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2336
JVN
JVN#38138980
http://jvn.jp/en/jp/JVN38138980/index.html
National Vulnerability Database (NVD)
CVE-2005-2336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2336
Secunia Advisory
SA17075
http://secunia.com/advisories/17075
SecurityFocus
15021
http://www.securityfocus.com/bid/15021
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-04T00:00:00+09:00
JVNDB-2005-000781
Common Management Agent 3.x vulnerable to information leakage
Common Management Agent, used in ePolicy Orchestrator and ProtectionPilot, has a problem in its directory access rights settings that allows an attacker to obtain or view a list of files.
McAfee
McAfee ePolicy Orchestrator
cpe:/a:mcafee:epolicy_orchestrator
3.x
McAfee
McAfee ProtectionPilot
cpe:/a:mcafee:protectionpilot
agent 1.x
Medium
5
AV:N/AC:L/Au:N/C:P/I:N/A:N
A remote attacker could view files.
McAfee ServicePortal
KB42216
http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=KB42216&sliceId=SAL_Public&dialogID=5389482&stateId=0%200%205391070
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2554
FrSIRT Advisories
FrSIRT/ADV-2005-1402
http://www.frsirt.com/english/advisories/2005/1402
ISS X-Force Database
21839
http://xforce.iss.net/xforce/xfdb/21839
JVN
JVN#8778A308
http://jvn.jp/en/jp/JVN8778A308/index.html
National Vulnerability Database (NVD)
CVE-2005-2554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2554
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
18735
http://www.osvdb.org/18735
Secunia Advisory
SA16410
http://secunia.com/advisories/16410
SecurityFocus
14549
http://www.securityfocus.com/bid/14549
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-12T00:00:00+09:00
JVNDB-2005-000782
WirelessIP5000 has multiple vulnerabilities
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for administrator account is easily guessed
Hitachi Cable
WirelessIP5000
cpe:/h:hitachi:wireless_ip5000
1.5.10 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
These vulnerabilities may allow an attacker to conduct the following attacks:
- Illegal information collection
- Change of the configuration using SNMP protocol, web browsers, etc.
- Denial of service (DoS) attacks using information which the HTTP server provides
- Impersonation and information retrieval using the administrator's password
Hitachi Cable, Ltd.
TD61-2716_WirelessIP5000_Vulnerability(JVN#76659792)
http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3720
JVN
JVN#76659792
http://jvn.jp/en/jp/JVN76659792/index.html
National Vulnerability Database (NVD)
CVE-2005-3720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3720
Secunia Advisory
SA17628
http://secunia.com/advisories/17628
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-12T00:00:00+09:00
JVNDB-2005-000783
WirelessIP5000 has multiple vulnerabilities
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for administrator account is easily guessed
Hitachi Cable
WirelessIP5000
cpe:/h:hitachi:wireless_ip5000
1.5.10 and earlier
2.0.0 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
These vulnerabilities may allow an attacker to conduct the following attacks:
- Illegal information collection
- Change of the configuration using SNMP protocol, web browsers, etc.
- Denial of service (DoS) attacks using information which the HTTP server provides
- Impersonation and information retrieval using the administrator's password
Hitachi Cable, Ltd.
TD61-2716_WirelessIP5000_Vulnerability(JVN#76659792)
http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3722
JVN
JVN#76659792
http://jvn.jp/en/jp/JVN76659792/index.html
National Vulnerability Database (NVD)
CVE-2005-3722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3722
Secunia Advisory
SA17628
http://secunia.com/advisories/17628
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-12T00:00:00+09:00
JVNDB-2005-000784
WirelessIP5000 has multiple vulnerabilities
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for administrator account is easily guessed
Hitachi Cable
WirelessIP5000
cpe:/h:hitachi:wireless_ip5000
1.5.10 and earlier
2.0.0 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
These vulnerabilities may allow an attacker to conduct the following attacks:
- Illegal information collection
- Change of the configuration using SNMP protocol, web browsers, etc.
- Denial of service (DoS) attacks using information which the HTTP server provides
- Impersonation and information retrieval using the administrator's password
Hitachi Cable, Ltd.
TD61-2716_WirelessIP5000_Vulnerability(JVN#76659792)
http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3723
JVN
JVN#76659792
http://jvn.jp/en/jp/JVN76659792/index.html
National Vulnerability Database (NVD)
CVE-2005-3723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3723
Secunia Advisory
SA17628
http://secunia.com/advisories/17628
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-12T00:00:00+09:00
JVNDB-2005-000785
WirelessIP5000 has multiple vulnerabilities
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for administrator account is easily guessed
Hitachi Cable
WirelessIP5000
cpe:/h:hitachi:wireless_ip5000
1.5.10 and earlier
2.0.0 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
These vulnerabilities may allow an attacker to conduct the following attacks:
- Illegal information collection
- Change of the configuration using SNMP protocol, web browsers, etc.
- Denial of service (DoS) attacks using information which the HTTP server provides
- Impersonation and information retrieval using the administrator's password
Hitachi Cable, Ltd.
TD61-2716_WirelessIP5000_Vulnerability(JVN#76659792)
http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3719
JVN
JVN#76659792
http://jvn.jp/en/jp/JVN76659792/index.html
National Vulnerability Database (NVD)
CVE-2005-3719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3719
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-12T00:00:00+09:00
JVNDB-2005-000787
Pochy denial-of-service (DoS) vulnerability
Pochy, email client software for the Microsoft Windows environment, contains a vulnerability in which, after receiving a specific string, processing may stop while the CPU load remains high, resulting in a denial of service (DoS).
PukiWiki Developers Team.
Pochy
cpe:/a:misc:pochy
0.2.1a
Medium
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
A remote attacker could exploit this vulnerability to cause a denial-of-service (DoS) attack by sending a specially crafted email to a Pochy user.
Pochy
Pochy Download
http://pochy.sourceforge.jp/pukiwiki/pukiwiki.php?%A5%C0%A5%A6%A5%F3%A5%ED%A1%BC%A5%C9
Pochy
0.3.0b
http://pochy.sourceforge.jp/pukiwiki/pukiwiki.php?%A5%CB%A5%E5%A1%BC%A5%B9
JVN
JVN#23727054
http://jvn.jp/en/jp/JVN23727054/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-25T00:00:00+09:00
JVNDB-2005-000788
FreeStyleWiki command injection vulnerability
A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface.
FreeStyleWiki Project
FreeStyleWiki
cpe:/a:fswiki:wiki
3.5.8 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server.
FreeStyleWiki
2005-8-27
http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2005%2D8%2D27
JVN
JVN#42435855
http://jvn.jp/en/jp/JVN42435855/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-08-29T00:00:00+09:00
JVNDB-2005-000789
Hyper NIKKI System cross-site request forgery vulnerability
Hyper NIKKI System (hns), a weblog system from the Hyper NIKKI System Project, contains a cross-site request forgery (CSRF) vulnerability.
HyperNikkiSystem Project
hns
cpe:/a:hns:hns
2.10-pl3
2.19.5 (hns-lite-2.19.5)
Low
2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information issued by Hyper NIKKI System to weblog readers (including the weblog administrator). An attacker could impersonate a user by stealing the cookie information.
HyperNikkiSystem Project
hns-SA-2005-01
http://www.h14m.org/SA/2005/hns-SA-2005-01.txt
JVN
JVN#97422426
http://jvn.jp/en/jp/JVN97422426/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-09-01T00:00:00+09:00
JVNDB-2005-000791
Cross-site scripting vulnerability in the Unicode version of msearch
The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch.
Unicode version of msearch
Unicode msearch
cpe:/a:msearch:unicode_msearch
version 1.51 (U1) (including the beta version) and 1.52 (U1)
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A malicious script may be executed on the user's web browser.
marbacka.net
Top Page
http://www.marbacka.net/msearch/
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2339
JVN
JVN#79925E6F
http://jvn.jp/en/jp/JVN79925E6F/index.html
National Vulnerability Database (NVD)
CVE-2005-2339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2339
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-09-22T00:00:00+09:00
JVNDB-2005-000792
eBASEweb SQL injection vulnerability
eBASEweb, an optional product in the eBASE series data management software from eBASE Co., Ltd., contains an SQL injection vulnerability as it does not completely sanitize user input data. eBASE Co., Ltd. has fixed this product and advised customers who have introduced this product to apply workarounds to address this vulnerability. This vulnerability was reported in version 3.0 released before September 2005. The versions released after September 2005 do not contain this vulnerability.
eBASE
eBASEweb
cpe:/a:ebase:ebaseweb
version 3.0
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
A remote attacker could alter database content or steal data.
Update the Software: Apply the latest updates provided by the vendor.
eBASE
http://www.ebase.co.jp/company/security/
http://www.ebase.co.jp/company/security/
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3333
ISS X-Force Database
22834
http://xforce.iss.net/xforce/xfdb/22834
JVN
JVN#59130192
http://jvn.jp/en/jp/JVN59130192/index.html
National Vulnerability Database (NVD)
CVE-2005-3333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3333
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
20249
http://osvdb.org/displayvuln.php?osvdb_id=20249
Secunia Advisory
SA17301
http://secunia.com/advisories/17301
SecurityFocus
15171
http://www.securityfocus.com/bid/15171
SecurityTracker
1015089
http://securitytracker.com/alerts/2005/Oct/1015089.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-10-21T00:00:00+09:00
JVNDB-2005-000793
Hyper Estraier directory traversal/denial of service vulnerability
Hyper Estraier, a full text search system, contains a vulnerability in the process of creating index files.
Mikio Hirabayashi
Hyper Estraier
cpe:/a:hyper_estraier:hyper_estraier
and earlier (Windows versions only)
Medium
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when the user creates an index, or cause a denial of service.
Hyper Estraier
Top Page
http://hyperestraier.sourceforge.net/
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3421
JVN
JVN#18282718
http://jvn.jp/en/jp/JVN18282718/index.html
National Vulnerability Database (NVD)
CVE-2005-3421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3421
Secunia Advisory
SA17379
http://secunia.com/advisories/17379
SecurityFocus
15236
http://www.securityfocus.com/bid/15236
SecurityTracker
1015119
http://securitytracker.com/id?1015119
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-10-28T00:00:00+09:00
JVNDB-2005-000794
Kent Web PostMail vulnerable to third party mail relay
Kent Web PostMail, form mail software that enables sending email from web pages, contains a vulnerability which may allow a third party to relay mail as it does not properly check input.
KENT-WEB
Kent Web PostMail
cpe:/a:kent-web:kent-web_postmail
3.2 and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
An attacker could possibly compromise the mail server to send an unsolicited email.
KENT-WEB
PostMail
http://www.kent-web.com/data/postmail.html
JVN
JVN#25106961
http://jvn.jp/en/jp/JVN25106961/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-11-11T00:00:00+09:00
JVNDB-2005-000795
HTTPD-User-Manage cross-site scripting vulnerability
HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings. This problem does not occur when only the library for managing the database is used.
Lincoln D. Stein
HTTPD-User-Manage
cpe:/a:lincoln_d._stein:httpd-user-manage
1.62 and earlier
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage.
CPAN
HTTPD-User-Manage-1.63
http://search.cpan.org/~lds/HTTPD-User-Manage-1.63/
JVN
JVN#30451602
http://jvn.jp/en/jp/JVN30451602/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-11-16T00:00:00+09:00
JVNDB-2005-000797
Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
FreeStyleWiki contains cross-site scripting and cross-site request forgery vulnerabilities. The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script. The cross-site request forgery vulnerability could allow a remote attacker to manipulate the user's operation if a FreeStyleWiki administrator views a specially crafted web page.
FreeStyleWiki Project
FreeStyleWiki
cpe:/a:fswiki:wiki
3.5.9 and earlier
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
A malicious script may be executed on the user's web browser. Furthermore, a combination of the vulnerabilities can be exploited to create a new user with administrative privileges when a FreeStyleWiki administrator logs into it with administrative privileges and views a Wiki page which is specially crafted by a remote attacker.
FreeStyleWiki
2005-12-4
http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2005-12-4
JVN
JVN#67001206
http://jvn.jp/en/jp/JVN67001206/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-12-05T00:00:00+09:00
JVNDB-2005-000798
MitakeSearch cross-site scripting vulnerability
MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl.
Hewlett-Packard Development Company,L.P
MitakeSearch
cpe:/a:hp:mitakesearch
V4.2
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A malicious script may be executed on the user's web browser.
Hewlett Packard
Top Page
http://welcome.hp.com/country/us/en/welcome.html
MitakeSearch
MitakeSearch
http://h50146.www5.hp.com/products/software/internet/mitake/security_patch.html
JVN
JVN#76357668
http://jvn.jp/en/jp/JVN76357668/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-12-05T00:00:00+09:00
JVNDB-2005-000799
Problem with referer header handling on mobile phone web browsers
We have confirmed that web browser products from Openwave Systems Inc. used for the Internet connection service for mobile phones have a problem in their function of sending referer information under certain circumstances. This problem has been reported for KDDI's au mobile phones. KDDI, regarding this problem as a defect which leads to behaviors inconsistent with the specification of RFC2616, provides countermeasure information. JVN has publicized this issue in coordination with vendors to make it known to users.
KDDI
EZweb Browser
cpe:/a:kddi:ezweb_browser
(For more information, refer to the vendors' websites.)
Low
2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N
Referer information may be unintentionally sent to a server under certain operating conditions.
au info
au_topics_index20051209
http://www.au.kddi.com/news/topics/au_topics_index20051209.html
JVN
JVN#15243167
http://jvn.jp/en/jp/JVN15243167/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-12-09T00:00:00+09:00
JVNDB-2005-000800
Opera bookmark function vulnerability
Opera Software ASA's Opera Web Browser contains a vulnerability that may cause a crash upon next startup if a specially crafted web page is registered as a bookmark.
Opera Software ASA
Opera
cpe:/a:opera:opera_browser
for MacOS, earlier than version 8.51
for Windows, earlier than version 8.51
Medium
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
A user cannot start Opera Web Browser because it crashes during startup.
Opera knowledge base
Advisory: A very long title in a web page can cause a crash on startup
http://www.opera.com/support/search/supsearch.dml?index=821
Common Vulnerabilities and Exposures (CVE)
CVE-2005-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4210
FrSIRT Advisories
2846
http://www.frsirt.com/english/advisories/2005/2846
ISS X-Force Database
23549
http://xforce.iss.net/xforce/xfdb/23549
JVN
JVN#28011334
http://jvn.jp/en/jp/JVN28011334/index.html
National Vulnerability Database (NVD)
CVE-2005-4210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4210
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
21641
http://www.osvdb.org/21641
Secunia Advisory
SA17963
http://secunia.com/advisories/17963
SecurityFocus
15813
http://www.securityfocus.com/bid/15813
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-12-14T00:00:00+09:00
JVNDB-2005-000801
WebNote Clip vulnerable to OS command injection
WebNote Clip is CGI software to create bulletin boards, calendars, reports, and diaries. WebNote Clip contains an OS command injection vulnerability as it does not validate inputs properly.
Friendly Lab
WebNote Clip
cpe:/a:misc:webnote_clip
4.1.7 and earlier
High
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
An attacker could execute an arbitrary OS command on the server with WebNote Clip installed.
Friendly Lab
Top Page
http://www.friendlylab.co.jp/
WebNote Clip
Webnote Clip
http://www.friendlylab.co.jp/clip/clip4/news/index.html
JVN
JVN#87830692
http://jvn.jp/en/jp/JVN87830692/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-12-20T00:00:00+09:00
JVNDB-2005-000802
BBSNote cross-site scripting vulnerability
BBSNote, a CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments.
WonderCatStudio
BBSNote
cpe:/a:misc:bbsnote
V8.00b15 to V8.00b18
Medium
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
A malicious script may be executed on the user's web browser.
BBSNote
Archive
http://wondercatstudio.com/archive/
JVN
JVN#93004125
http://jvn.jp/en/jp/JVN93004125/index.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-12-27T00:00:00+09:00
JVNDB-2005-000804
Tomcat vulnerable in request processing
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use a connector other than the AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat supports Coyote JK Connector and Coyote HTTP/1.1 Connector.
Apache Software Foundation
Apache Tomcat
cpe:/a:apache:tomcat
4.1.31 and earlier connected to a web server using the AJP 1.3 Connector (org.apache.ajp.tomcat4.Ajp13Connector)
Apple Inc.
Apple Mac OS X
cpe:/o:apple:mac_os_x
v10.4.11
Apple Inc.
Apple Mac OS X Server
cpe:/o:apple:mac_os_x_server
v10.4.11
Cybertrust Japan Co., Ltd.
Asianux Server
cpe:/o:misc:miraclelinux_asianux_server
2.0
2.1
FUJITSU
Campusmate/Portal
cpe:/a:fujitsu:campusmate_portal
FUJITSU
Internet Navigware Server
cpe:/a:fujitsu:internet_navigware_server
FUJITSU
Interstage Application Framework Suite
cpe:/a:fujitsu:interstage_application_framework_suite
FUJITSU
Interstage Application Server
cpe:/a:fujitsu:interstage_application_server
FUJITSU
Interstage Business Application Server
cpe:/a:fujitsu:interstage_business_application_server
FUJITSU
Interstage Job Workload Server
cpe:/a:fujitsu:interstage_job_workload_server
FUJITSU
Interstage List Manager
cpe:/a:fujitsu:interstage_list_manager
Hitachi, Ltd
Cosminexus Application Server
cpe:/a:hitachi:cosminexus_application_server
Enterprise Version6
Standard Version6
Version5
Hitachi, Ltd
Cosminexus Developer
cpe:/a:hitachi:cosminexus_developer
Light Version6
Professional Version6
Standard Version6
Version5
Hitachi, Ltd
Cosminexus Primary Server
cpe:/a:hitachi:cosminexus_primary_server
Base Version5
Base Version6
Version6
Hitachi, Ltd
Embedded Cosminexus Server
cpe:/a:hitachi:embedded_cosminexus_server
Base Version5
Version5
NEC Corporation
Spectral Wave Manager Series
cpe:/h:nec:spectral_wave_manager
for MG series
HLS 2.4G NE-OpS
U-Node Network Element Manager
NEC Corporation
WebOTX Application Server
cpe:/a:nec:webotx_application_server
Ver.4.2
Ver.5.1 - 5.3
NEC Corporation
WebSAM SystemManager
cpe:/a:nec:websam_systemmanager
R2.x
Sun Microsystems, Inc.
Sun Solaris
cpe:/o:sun:solaris
10 (sparc)
10 (x86)
9 (sparc)
9 (x86)
Low
2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
A remote attacker could execute an illegal request using other users' information or view other users' information.
The Apache Software Foundation currently does not support AJP 1.3 Connector, and recommends the use of Coyote JK Connector instead. It also recommends that users upgrade from Tomcat 4.x to Tomcat 5.x. The Information-technology Promotion Agency, Japan (IPA) has created the patch for AJP 1.3 Connector (org.apache.ajp.tomcat4.Ajp13Connector) for Tomcat 4.1.31. The patch is available at the links in the References.
Apache Tomcat
Fixed in Apache Tomcat 4.1.37
http://tomcat.apache.org/security-4.html
Apple Security Updates
Security Update 2008-004
http://support.apple.com/kb/HT2163
FUJITSU Security Information
JVN#79314822
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-79314822.html
Hitachi Software Vulnerability Information
HS05-019
http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/index-e.html
MIRACLE LINUX Update Information
tomcat4 (V2.x)
http://www.miraclelinux.com/update/linux/list.php?errata_id=1253
NEC Security Information
NV05-028
http://www.nec.co.jp/security-info/secinfo/nv05-028.html
Sun Alert Notification
239312
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1
Common Vulnerabilities and Exposures (CVE)
CVE-2005-3164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164
JVN
JVN#79314822
http://jvn.jp/en/jp/JVN79314822/index.html
National Vulnerability Database (NVD)
CVE-2005-3164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3164
Secunia Advisory
SA17019
http://secunia.com/advisories/17019
SecurityFocus
15003
http://www.securityfocus.com/bid/15003
JVNDB
CWE-200
Information Exposure
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
[2008/06/06] Affected Products : Added MIRACLE LINUX CORPORATION (tomcat4 (V2.x)). Vendor Information : Added MIRACLE LINUX CORPORATION (tomcat4 (V2.x)).
[2008/07/04] Affected Products : Added Apple Inc. (Security Update 2008-004). Affected Products : Added Sun Microsystems, Inc. (239312). Vendor Information : Added Apple Inc. (Security Update 2008-004). Vendor Information : Added Sun Microsystems, Inc. (239312).
[2008/07/07] Affected Products : Added FUJITSU (JVN#79314822). Vendor Information : Added FUJITSU (JVN#79314822).
2008-05-21T00:00:00+09:00
2008-07-07T18:04:20+09:00
2005-09-30T00:00:00+09:00
JVNDB-2005-000805
nProtect Netizen has multiple vulnerabilities
nProtect Netizen contains multiple vulnerabilities:
- It may fetch update files from an arbitrary site
- It may download and save malicious files
- It may cause an abnormal web browser termination
Metro,Inc.
nProtect : Netizen
cpe:/a:misc:metro_nprotect
netizen Ver.4 and earlier
NetMove Corporation
nProtect : Netizen
cpe:/a:saat:nprotect_netizen
netizen Ver.4 and earlier
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A remote attacker could lead a user to save a malicious file to the local storage and execute it or cause an abnormal web browser termination.
Metro,Inc
security
http://www.tokyo.metro.co.jp/security/security.html
nProtect News
neti-05-001
http://nprotect.jp/news/news05042501.html
Common Vulnerabilities and Exposures (CVE)
CVE-2005-1301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1301
JVN
JVN#AF02FB4B
http://jvn.jp/en/jp/JVNAF02FB4B/index.html
National Vulnerability Database (NVD)
CVE-2005-1301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1301
Secunia Advisory
SA15101
http://secunia.com/advisories/15101
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-04-25T00:00:00+09:00
JVNDB-2005-000864
XOOPS cross-site scripting vulnerability
XOOPS is an open source web content management system implemented in PHP. XOOPS itself and its forum modules have multiple vulnerabilities in validating private messages and forum articles.
XOOPS
XOOPS Cube
cpe:/a:xoops:xoops_cube
2.0.12 JP and earlier
2.0.13.1 and earlier
2.2.3 RC1 and earlier
Medium
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
A remote attacker may upload a script to be executed by a user reading a private message or a forum article. This may allow a remote attacker to perform session hijacking and manipulate the screens after the user logs in.
XOOPS Cube
XOOPS 2.0.13 JP release
http://xoopscube.jp/modules/cubeNews/?action=detail&id=14
Common Vulnerabilities and Exposures (CVE)
CVE-2005-2338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2338
JVN
JVN#77105349
http://jvn.jp/en/jp/JVN77105349/index.html
National Vulnerability Database (NVD)
CVE-2005-2338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2338
Secunia Advisory
SA17300
http://secunia.com/advisories/17300
SecurityFocus
15195
http://www.securityfocus.com/bid/15195
0
2018-02-17T10:37:53+09:00
[2008/05/21] Web page published
2008-05-21T00:00:00+09:00
2008-05-21T00:00:00+09:00
2005-10-26T00:00:00+09:00