JVNDB RSS Feed - 2005 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-24T09:10:24+09:00 2024-03-24T09:10:24+09:00

Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000163.html
Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters.
JVNDB-2005-000163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0667
http://secunia.com/advisories/14491/
http://www.securityfocus.com/bid/12730
cpe:/a:sylpheed:sylpheed cpe:/o:redhat:enterprise_linux cpe:/o:redhat:linux_advanced_workstation cpe:/o:turbolinux:turbolinux cpe:/o:turbolinux:turbolinux_desktop cpe:/o:turbolinux:turbolinux_home cpe:/o:turbolinux:turbolinux_server cpe:/o:turbolinux:turbolinux_workstation
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Apache Tomcat denial of service vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000183.html
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies.
Apache Tomcat contains a vulnerability that may allow a remote attacker to cause a denial of service (DoS).
JVNDB-2005-000183
http://jvn.jp/en/jp/JVNDD18AD07/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0808
http://www.kb.cert.org/vuls/id/204710
http://www.securityfocus.com/bid/12795
cpe:/a:apache:tomcat cpe:/a:hitachi:cosminexus_server
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Sylpheed Filename Buffer Overflow Vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000199.html
Sylpheed contains a buffer overflow vulnerability exploitable via attachments with a MIME-encoded filename.
JVNDB-2005-000199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0926
http://www.securityfocus.com/bid/12934
cpe:/a:sylpheed:sylpheed cpe:/o:turbolinux:turbolinux cpe:/o:turbolinux:turbolinux_desktop cpe:/o:turbolinux:turbolinux_home cpe:/o:turbolinux:turbolinux_server cpe:/o:turbolinux:turbolinux_workstation
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

DeleGate DNS Message Decompression Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000343.html
The DNS implementation in DeleGate does not handle a compressed DNS packet properly, which could cause an infinite loop.
Note that some other DNS packet processing systems have issues related to this vulnerability. For more information on those systems, please refer to NISCC-589088 (JVN) and NISCC Advisory 589088/NISCC/DNS (CPNI Advisory 00432).
JVNDB-2005-000343
http://jvn.jp/niscc/NISCC-589088/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0036
http://www.cpni.gov.uk/docs/re-20050524-00432.pdf?lang=en
http://www.cpni.gov.uk/Products/vulnerabilitydisclosures/default.aspx?id=va-20050524-00432.xml
http://www.securityfocus.com/bid/13729
http://www.frsirt.com/english/advisories/2005/0610
cpe:/a:delegate:delegate
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Ruby XMLRPC Arbitrary Command Execution Vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000396.html
utils.rb in the Ruby XMLRPC server sets an insecure default value for the public_instance_methods function, which could cause the highly privileged function to be exposed.
JVNDB-2005-000396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1992
http://www.kb.cert.org/vuls/id/684913
http://secunia.com/advisories/15767/
http://www.securityfocus.com/bid/14016
http://securitytracker.com/alerts/2005/Jun/1014253.html
http://www.frsirt.com/english/advisories/2005/0833
cpe:/a:ruby-lang:ruby cpe:/o:redhat:enterprise_linux cpe:/o:redhat:enterprise_linux_desktop cpe:/o:turbolinux:turbolinux_server
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Vulnerability in multiple web browsers allowing request spoofing attacks
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000530.html
Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.
In general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.
JVNDB-2005-000530
http://jvn.jp/en/jp/JVN31226748/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2703
http://secunia.com/advisories/16911/
http://www.securityfocus.com/bid/14923
http://www.frsirt.com/english/advisories/2005/1824
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:mozilla:firefox cpe:/a:mozilla:mozilla_suite cpe:/a:opera:opera_browser cpe:/o:misc:miraclelinux_asianux_server cpe:/o:redhat:enterprise_linux cpe:/o:redhat:enterprise_linux_desktop cpe:/o:redhat:linux_advanced_workstation cpe:/o:turbolinux:turbolinux cpe:/o:turbolinux:turbolinux_desktop cpe:/o:turbolinux:turbolinux_home cpe:/o:turbolinux:turbolinux_multimedia cpe:/o:turbolinux:turbolinux_personal cpe:/o:turbolinux:turbolinux_server
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Webmin and Usermin authentication bypass vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000537.html
Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.
JVNDB-2005-000537
http://jvn.jp/en/jp/JVN40940493/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3042
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3042
http://secunia.com/advisories/16858/
http://www.securityfocus.com/bid/14889
http://www.frsirt.com/english/advisories/2005/1791
cpe:/a:webmin:usermin cpe:/a:webmin:webmin cpe:/o:misc:miraclelinux_asianux_server
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Ruby vulnerability allowing to bypass safe level 4 as a sandbox
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000538.html
Ruby is an object-oriented scripting language that supports execution of untrusted code with two mechanisms: "object taint" and "safe level". Ruby contains a vulnerability that may allow an attacker to execute an arbitrary script by bypassing the "safe level" checks.
JVNDB-2005-000538
http://jvn.jp/en/jp/JVN62914675/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2337
http://www.kb.cert.org/vuls/id/160012
http://www.securityfocus.com/bid/14909
cpe:/a:ruby-lang:ruby cpe:/o:misc:miraclelinux_asianux_server cpe:/o:redhat:enterprise_linux
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

OpenSSL version rollback vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html
OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.
RFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.
JVNDB-2005-000601
http://jvn.jp/en/jp/JVN23632449/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969
http://secunia.com/advisories/17151/
http://www.securityfocus.com/bid/15071
http://www.securiteam.com/securitynews/6Y00D0AEBW.html
http://www.frsirt.com/english/advisories/2005/2036
cpe:/a:hitachi:cosminexus_application_server_enterprise cpe:/a:hitachi:cosminexus_application_server_standard cpe:/a:hitachi:cosminexus_application_server_version_5 cpe:/a:hitachi:cosminexus_developer_light_version_6 cpe:/a:hitachi:cosminexus_developer_professional_version_6 cpe:/a:hitachi:cosminexus_developer_standard_version_6 cpe:/a:hitachi:cosminexus_developer_version_5 cpe:/a:hitachi:cosminexus_server_-_enterprise_edition cpe:/a:hitachi:cosminexus_server_-_standard_edition cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4 cpe:/a:hitachi:cosminexus_server_-_web_edition cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4 cpe:/a:hitachi:hitachi_web_server cpe:/a:hitachi:ucosminexus_application_server_enterprise cpe:/a:hitachi:ucosminexus_application_server_smart_edition cpe:/a:hitachi:ucosminexus_application_server_standard cpe:/a:hitachi:ucosminexus_developer cpe:/a:hitachi:ucosminexus_developer_light cpe:/a:hitachi:ucosminexus_developer_standard cpe:/a:hitachi:ucosminexus_service_architect cpe:/a:hitachi:ucosminexus_service_platform cpe:/a:openssl:openssl cpe:/a:trendmicro:interscan_messaging_security_suite cpe:/a:trendmicro:interscan_viruswall cpe:/a:trendmicro:interscan_web_security_suite cpe:/h:fujitsu:fmse-c301 cpe:/h:fujitsu:ipcom cpe:/o:hp:hp-ux cpe:/o:misc:miraclelinux_asianux_server cpe:/o:redhat:enterprise_linux cpe:/o:redhat:linux_advanced_workstation cpe:/o:sun:solaris cpe:/o:turbolinux:turbolinux_appliance_server cpe:/o:turbolinux:turbolinux_fuji cpe:/o:turbolinux:turbolinux_multimedia cpe:/o:turbolinux:turbolinux_personal cpe:/o:turbolinux:turbolinux_server cpe:/o:turbolinux:turbolinux_wizpy
2014-05-22T18:04+09:00 2008-05-21T00:00+09:00 2014-05-22T18:04+09:00

Ruby XMLRPC Server Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000695.html
The User-level thread supported in Ruby does not switch while writing to a socket. This in turn blocks all subsequent processes when specially crafted requests are sent to the Web server and could result in a denial of service.
JVNDB-2005-000695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1931
http://secunia.com/advisories/16904/
http://www.securityfocus.com/bid/17645
http://xforce.iss.net/xforce/xfdb/26102
http://securitytracker.com/id?1015978
http://www.osvdb.org/24972
cpe:/a:ruby-lang:ruby cpe:/o:misc:miraclelinux_asianux_server cpe:/o:redhat:enterprise_linux cpe:/o:redhat:enterprise_linux_desktop
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Fujitsu Java Runtime Environment reflection API vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000705.html
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.
This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
JVNDB-2005-000705
http://jvn.jp/en/jp/JVN15972537/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3904
http://www.kb.cert.org/vuls/id/931684
http://secunia.com/advisories/17748/
http://www.securityfocus.com/bid/15615
http://www.frsirt.com/english/advisories/2005/2636
cpe:/a:ibm:java_sdk cpe:/a:sun:jdk cpe:/a:sun:jre
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Fujitsu Java Runtime Environment reflection API vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000706.html
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.
This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
JVNDB-2005-000706
http://jvn.jp/en/jp/JVN15972537/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3905
http://secunia.com/advisories/17748/
http://www.securityfocus.com/bid/15615
http://www.frsirt.com/english/advisories/2005/2636
cpe:/a:ibm:java_sdk cpe:/a:sun:jdk cpe:/a:sun:jre cpe:/a:sun:sdk
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Fujitsu Java Runtime Environment reflection API vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000707.html
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.
This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
JVNDB-2005-000707
http://jvn.jp/en/jp/JVN15972537/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3906
http://www.kb.cert.org/vuls/id/974188
http://secunia.com/advisories/17748/
http://www.securityfocus.com/bid/15615
http://www.frsirt.com/english/advisories/2005/2636
cpe:/a:ibm:java_sdk cpe:/a:sun:jdk cpe:/a:sun:jre cpe:/a:sun:sdk
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

mod_imap cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing.
mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.
JVNDB-2005-000727
http://jvn.jp/en/jp/JVN06045169/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352
http://www.us-cert.gov/cas/alerts/SA08-079A.html
http://www.us-cert.gov/cas/alerts/SA08-150A.html
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.securityfocus.com/bid/15834
cpe:/a:apache:http_server cpe:/a:hitachi:cosminexus_application_server_enterprise cpe:/a:hitachi:cosminexus_application_server_standard cpe:/a:hitachi:cosminexus_application_server_version_5 cpe:/a:hitachi:cosminexus_developer_light_version_6 cpe:/a:hitachi:cosminexus_developer_professional_version_6 cpe:/a:hitachi:cosminexus_developer_standard_version_6 cpe:/a:hitachi:cosminexus_developer_version_5 cpe:/a:hitachi:cosminexus_server_-_enterprise_edition cpe:/a:hitachi:cosminexus_server_-_standard_edition cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4 cpe:/a:hitachi:cosminexus_server_-_web_edition cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4 cpe:/a:hitachi:hitachi_web_server cpe:/a:hitachi:ucosminexus_application_server_enterprise cpe:/a:hitachi:ucosminexus_application_server_smart_edition cpe:/a:hitachi:ucosminexus_application_server_standard cpe:/a:hitachi:ucosminexus_developer cpe:/a:hitachi:ucosminexus_developer_light cpe:/a:hitachi:ucosminexus_developer_standard cpe:/a:hitachi:ucosminexus_service_architect cpe:/a:hitachi:ucosminexus_service_platform cpe:/a:ibm:http_server cpe:/a:oracle:http_server cpe:/o:apple:mac_os_x cpe:/o:apple:mac_os_x_server cpe:/o:hp:hp-ux cpe:/o:misc:miraclelinux_asianux_server cpe:/o:redhat:enterprise_linux cpe:/o:redhat:linux_advanced_workstation cpe:/o:sun:solaris cpe:/o:turbolinux:turbolinux cpe:/o:turbolinux:turbolinux_desktop cpe:/o:turbolinux:turbolinux_fuji cpe:/o:turbolinux:turbolinux_home cpe:/o:turbolinux:turbolinux_multimedia cpe:/o:turbolinux:turbolinux_personal cpe:/o:turbolinux:turbolinux_server
2014-05-22T18:03+09:00 2008-05-21T00:00+09:00 2014-05-22T18:03+09:00

Tsuru-Kame Mail vulnerable in S/MIME signature verification
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000756.html
Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification:
- S/MIME signature verification does not verify the certification path.
- S/MIME signature verification does not verify the certification expiration date.
The name of the software "Tsuru-Kame Mail" was changed to "Hidemaru Mail" on August 10, 2005.
JVNDB-2005-000756
http://jvn.jp/en/jp/JVNE59B594B/index.html
cpe:/a:hidemaru:hidemaru_mail
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Cybozu Office browser script execution vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000757.html
The HTML-mail compliant web mail function of Cybozu Office contains a vulnerability that may allow an attacker to execute browser script.
JVNDB-2005-000757
http://jvn.jp/en/jp/JVN8F8B1C85/index.html
cpe:/a:cybozu:office
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

msearch directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000758.html
msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers.
JVNDB-2005-000758
http://jvn.jp/en/jp/JVN8BAAAB4E/index.html
cpe:/a:misc:kiteya_msearch cpe:/a:msearch:unicode_msearch
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

McAfee VirusScan Engine buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000759.html
McAfee VirusScan Engine contains a buffer overflow vulnerability.
JVNDB-2005-000759
http://jvn.jp/en/jp/JVN1F649902/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0644
http://www.kb.cert.org/vuls/id/361180
http://www.securityfocus.com/bid/12832
http://xforce.iss.net/xforce/alerts/id/190
http://securitytracker.com/id?1013463
cpe:/a:mcafee:scan_engine
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

McAfee VirusScan Engine buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000760.html
McAfee VirusScan Engine contains a buffer overflow vulnerability.
JVNDB-2005-000760
http://jvn.jp/en/jp/JVN1F649902/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0643
http://www.kb.cert.org/vuls/id/361180
http://secunia.com/advisories/14628
http://www.securityfocus.com/bid/10243
cpe:/a:mcafee:scan_engine
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Norton AntiVirus causes abnormal OS termination when a user edits a shared network file
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000761.html
Symantec Norton AntiVirus 2005 contains a vulnerability which could cause abnormal OS termination if a user running the vulnerable Norton AntiVirus edits a file in the shared network folder if "SmartScan" is chosen in the "Which file types to scan for viruses" setting.
JVNDB-2005-000761
http://jvn.jp/en/jp/JVN23D7E89F/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0923
http://secunia.com/advisories/14741
http://www.securityfocus.com/bid/12924
http://securitytracker.com/id?1013585
http://securitytracker.com/id?1013586
http://securitytracker.com/id?1013587
cpe:/a:symantec:norton_antivirus cpe:/a:symantec:norton_internet_security cpe:/a:symantec:norton_system_works
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Norton AntiVirus causes abnormal OS termination when scanning illegal files
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000762.html
Symantec Norton AntiVirus 2004 and 2005 contain a vulnerability that causes an abnormal operating system termination of a computer, when their real-time scan feature is enabled and examining a file with a specially crafted file header.
JVNDB-2005-000762
http://jvn.jp/en/jp/JVNC45D8EAD/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0922
http://www.kb.cert.org/vuls/id/146020
http://secunia.com/advisories/14741
http://www.securityfocus.com/bid/12923
http://securitytracker.com/id?1013586
http://securitytracker.com/id?1013587
http://securitytracker.com/id?1013585
cpe:/a:symantec:norton_antivirus cpe:/a:symantec:norton_internet_security cpe:/a:symantec:norton_system_works
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

ppBlog cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000763.html
ppBlog, a weblog program written in PHP, contains a cross-site scripting vulnerability in its search form.
JVNDB-2005-000763
http://jvn.jp/en/jp/JVN55F159B6/index.html
cpe:/a:misc:ppblog
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Website connection problem when a mobile phone terminal uses specific QR code
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000764.html
Mobile phone terminals supporting the two-dimensional code (QR code) read function are reported to have a website connection problem. When a specific QR code is read, even if a user tries to connect to the URL string in the first line of the two URL lines displayed, the connection is established with the second URL.
This problem has been reported for KDDI mobile phones. The developer provides countermeasure information although they judged this problem not to be a vulnerability. JVN has publicized this issue in coordination with the developer to make it known to users.
JVNDB-2005-000764
http://jvn.jp/en/jp/JVN9ADCBB12/index.html
cpe:/a:kddi:barcode_reader_2d
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Buffalo router configuration management interface vulnerable to remote access and password leakage
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000765.html
Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges.
By accessing the management interface, a remote attacker could also obtain user's account and password information of the ISP using the save settings function.
JVNDB-2005-000765
http://jvn.jp/en/jp/JVN55023557/index.html
cpe:/h:buffalo_inc:bbr-4hg cpe:/h:buffalo_inc:bbr-4mg
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

w3ml cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000766.html
w3ml, a program used to display mailing list logs on the web site, contains a cross-site scripting vulnerability.
JVNDB-2005-000766
http://jvn.jp/en/jp/JVN97757029/index.html
cpe:/a:misc:w3ml
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

WebUD arbitrary program execution vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000767.html
WebUD, a web accessibility support tool, contains a vulnerability in its components that are automatically executed on it, which may allow execution of arbitrary code when a user accesses a malicious website.
JVNDB-2005-000767
http://jvn.jp/en/jp/JVNA7DA6818/index.html
cpe:/a:fujitsu:webud
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Movable Type session management vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000768.html
Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access.
JVNDB-2005-000768
http://jvn.jp/en/jp/JVN74012178/index.html
cpe:/a:sixapart:movabletype
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Virus Security heap overflow vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000769.html
SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails.
JVNDB-2005-000769
http://jvn.jp/en/jp/JVN8EDB8A96/index.html
cpe:/a:sourcenext:virus_security
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Virus Security memory leak vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000770.html
SourceNext Virus Security has a problem in processing a specially crafted email. When the email has a virus as an attachment and Virus Security detects that virus, a memory leak occurs.
JVNDB-2005-000770
http://jvn.jp/en/jp/JVNA45697B1/index.html
cpe:/a:sourcenext:virus_security
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Wiki clone cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000771.html
Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user.
JVNDB-2005-000771
http://jvn.jp/en/jp/JVN465742E4/index.html
cpe:/a:fswiki:wiki cpe:/a:fswiki:wikilite cpe:/a:hiki:hiki cpe:/a:misc:aswiki cpe:/a:misc:wiki_modoki
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Inappropriate interpretation of mailto URL scheme by mail client software
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000772.html
The mailto URL scheme is used to designate the Internet email address on a web page. Specifying an email address and body text using the mailto URL scheme gives a template for a mail message. Many mail clients have a function to set a field specified by the mailto URL scheme in a mail header.
RFC2368, which defines the mailto URL scheme, points out the following in its Security Considerations section:
- A mail client should never send anything without complete disclosure to the user of the full message created based on descriptions of the mailto URL scheme.
- It should explicitly display any headers along with the message destination.
- It is inappropriate to set a header related to mail delivery based on descriptions of the mailto URL scheme.
However, some mail clients set the header related to mail delivery based on descriptions of the mailto URL scheme or do not explicitly display the full header.
We published this issue on JVN in coordination with developers, to publicize the issue to users and mail client developers.
JVNDB-2005-000772
http://jvn.jp/en/jp/JVNFCAD9BD8/index.html
http://www.ietf.org/rfc/rfc2368.txt
cpe:/a:allied_telesis_k.k.:at-mail_server cpe:/a:hidemaru:hidemaru_mail cpe:/a:justsystems:shuriken cpe:/a:misc:edcom_edmax cpe:/a:misc:edcom_edmax_free cpe:/a:misc:orange_winbiff cpe:/a:rimarts_inc.:becky_internet_mail
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

desknet's cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000773.html
If a user views HTML email containing a malicious script, it could be executed.
This problem allows execution of script having patterns other than those addressed in JVN#F88C2C13 (additional information to JVN#89DE2014).
JVNDB-2005-000773
http://jvn.jp/en/jp/JVN0DC004F6/index.html
cpe:/a:neo_japan:desknets
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

SFS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000774.html
A cross-site scripting vulnerability exists in SFS (Server-type Filtering System) provided by the New Media Development Association.
JVNDB-2005-000774
http://jvn.jp/en/jp/JVN7B700088/index.html
cpe:/a:misc:nmda_sfs
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Vulnerability involving security zone handling in applications using Internet Explorer components
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000775.html
Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content.
As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the "Intranet" zone.
However, we have confirmed that some applications using IE components may process web content in an inappropriate zone.
JVNDB-2005-000775
http://jvn.jp/en/jp/JVN257C6F28/index.html
cpe:/a:fujitsu:atlas cpe:/a:fujitsu:atlas_translation cpe:/a:fujitsu:bizlingo cpe:/a:fujitsu:es_at_school cpe:/a:fujitsu:hiragana_navi cpe:/a:fujitsu:japanist cpe:/a:fujitsu:rakuraku_browser cpe:/a:fujitsu:rakuraku_mail cpe:/a:fujitsu:simplia_jf_clientmate cpe:/a:fujitsu:simplia_tf-webtest cpe:/a:fujitsu:translation_surfin cpe:/a:hitachi:dnasis_pro cpe:/a:justsystems:netas_seed cpe:/a:misc:paper_2001 cpe:/a:misc:paper_copi
2010-10-12T16:44+09:00 2008-05-21T00:00+09:00 2010-10-12T16:44+09:00

Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html
The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE failing to start.
If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.
This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.
*1 JPCERT/CC coordinated this issue based on the publicly available information.
JVNDB-2005-000776
http://jvn.jp/en/jp/JVN93926203/index.html
http://www.jpcert.or.jp/wr/2005/wr052701.txt
cpe:/a:adobe:coldfusion cpe:/a:adobe:jrun cpe:/a:apc:powerchute cpe:/a:bea:weblogic_express cpe:/a:bea:weblogic_platform cpe:/a:bea:weblogic_server cpe:/a:cisco:wan_manager cpe:/a:cisco:wireless_lan_solution_engine cpe:/a:fujitsu:interstage_application_server cpe:/a:fujitsu:powerchute cpe:/a:hitachi:cosminexus_server cpe:/a:hitachi:cosminexus_web_contents_generator cpe:/a:ibm:java_jce cpe:/a:ibm:java_jdk cpe:/a:ibm:java_jre cpe:/a:misc:infoteria_asteria_r2_flow_builder cpe:/a:misc:infoteria_asteria_r2_server cpe:/a:nec:esmpro_upsmanager cpe:/a:nec:powerchute cpe:/a:sun:j2se cpe:/a:sun:jce cpe:/h:cisco:hosting_solution_engine cpe:/h:fujitsu:primergy cpe:/h:hitachi:ha8000 cpe:/h:mcafee:intrushield_security_management_system
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

tDiary cross-site request forgery vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000777.html
tDiary, a weblog system from the tDiary development project, contains a cross-site request forgery (CSRF) vulnerability.
JVNDB-2005-000777
http://jvn.jp/en/jp/JVN60776919/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2411
http://secunia.com/advisories/16329/
http://www.securityfocus.com/bid/14500
http://xforce.iss.net/xforce/xfdb/21735
cpe:/a:tdiary:tdiary
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

QRcode Perl CGI & PHP script vulnerable to denial of service attack
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000778.html
QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively consumed until the server becomes unable to respond to requests from clients, which could also affect other processes running on the server.
JVNDB-2005-000778
http://jvn.jp/en/jp/JVN29273468/index.html
cpe:/a:misc:swetake_qrcode_perl_cgi_php_scripts
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Hiki cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000779.html
Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
JVNDB-2005-000779
http://jvn.jp/en/jp/JVN38138980/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2803
http://www.securityfocus.com/bid/15021
cpe:/a:hiki:hiki
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Hiki cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000780.html
Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
JVNDB-2005-000780
http://jvn.jp/en/jp/JVN38138980/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2336
http://secunia.com/advisories/17075
http://www.securityfocus.com/bid/15021
cpe:/a:hiki:hiki
2008-05-21T00:00+09:00 2008-05-21T00:00+09:00 2008-05-21T00:00+09:00

Common Management Agent 3.x vulnerable to information leakage
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000781.html
Common Management Agent, used in ePolicy Orchestrator and ProtectionPilot, has a problem in its directory access rights settings that allows an attacker to obtain or view a list of files.JVNDB-2005-000781http://jvn.jp/en/jp/JVN8778A308/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2554http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2554http://secunia.com/advisories/16410http://www.securityfocus.com/bid/14549http://xforce.iss.net/xforce/xfdb/21839http://www.frsirt.com/english/advisories/2005/1402http://www.osvdb.org/18735cpe:/a:mcafee:epolicy_orchestratorcpe:/a:mcafee:protectionpilot2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WirelessIP5000 has multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000782.html
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for the administrator account is easily guessedJVNDB-2005-000782http://jvn.jp/en/jp/JVN76659792/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3720http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3720http://secunia.com/advisories/17628cpe:/h:hitachi:wireless_ip50002008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WirelessIP5000 has multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000783.html
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for the administrator account is easily guessedJVNDB-2005-000783http://jvn.jp/en/jp/JVN76659792/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3722http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3722http://secunia.com/advisories/17628cpe:/h:hitachi:wireless_ip50002008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WirelessIP5000 has multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000784.html
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for the administrator account is easily guessedJVNDB-2005-000784http://jvn.jp/en/jp/JVN76659792/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3723http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3723http://secunia.com/advisories/17628cpe:/h:hitachi:wireless_ip50002008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WirelessIP5000 has multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000785.html
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for the administrator account is easily guessedJVNDB-2005-000785http://jvn.jp/en/jp/JVN76659792/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3719http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3719cpe:/h:hitachi:wireless_ip50002008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WirelessIP5000 has multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000786.html
WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities:
- Illegal access using the port TCP3390
- SNMP access using an arbitrary community name
- Access to the HTTP server by an unauthorized user in the factory default configuration
- The HTTP server shows detailed information that can be used by an attacker to attempt attacks
- The factory default password for the administrator account is easily guessedJVNDB-2005-000786http://jvn.jp/en/jp/JVN76659792/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3721http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3721http://secunia.com/advisories/17628cpe:/h:hitachi:wireless_ip50002008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Pochy denial-of-service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000787.html
Pochy, email client software operating in the Microsoft Windows environment, contains a vulnerability in which, after receiving a specific string, processing may stop while the CPU load is high, resulting in a denial-of-service (DoS).JVNDB-2005-000787http://jvn.jp/en/jp/JVN23727054/index.htmlcpe:/a:misc:pochy2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00FreeStyleWiki command injection vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000788.html
A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface.JVNDB-2005-000788http://jvn.jp/en/jp/JVN42435855/index.htmlcpe:/a:fswiki:wiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hyper NIKKI System cross-site request forgery vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000789.html
Hyper NIKKI System (hns), a weblog system from the Hyper NIKKI System Project, contains a cross-site request forgery (CSRF) vulnerability.
JVNDB-2005-000789http://jvn.jp/en/jp/JVN97422426/index.htmlcpe:/a:hns:hns2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cross-site scripting vulnerability in the Unicode version of msearch
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000791.html
The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch.JVNDB-2005-000791http://jvn.jp/en/jp/JVN79925E6F/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2339http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2339cpe:/a:msearch:unicode_msearch2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00eBASEweb SQL injection vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000792.html
eBASEweb, an optional product in the eBASE series data management software from eBASE Co., Ltd., contains an SQL injection vulnerability as it does not completely sanitize user input data.
eBASE Co., Ltd. has fixed this product and advised customers who have introduced this product to apply workarounds to address this vulnerability.
This vulnerability was reported in version 3.0 released before September 2005.
Versions released after September 2005 do not contain this vulnerability.JVNDB-2005-000792http://jvn.jp/en/jp/JVN59130192/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3333http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3333http://secunia.com/advisories/17301http://www.securityfocus.com/bid/15171http://xforce.iss.net/xforce/xfdb/22834http://securitytracker.com/alerts/2005/Oct/1015089.htmlhttp://osvdb.org/displayvuln.php?osvdb_id=20249cpe:/a:ebase:ebaseweb2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Hyper Estraier directory traversal/denial of service vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000793.html
Hyper Estraier, a full text search system, contains a vulnerability in the process of creating index files.JVNDB-2005-000793http://jvn.jp/en/jp/JVN18282718/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3421http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3421http://secunia.com/advisories/17379http://www.securityfocus.com/bid/15236http://securitytracker.com/id?1015119cpe:/a:hyper_estraier:hyper_estraier2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Kent Web PostMail vulnerable to third party mail relay
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000794.html
Kent Web PostMail, form mail software that enables sending email from web pages, contains a vulnerability which may allow a third party to relay mail as it does not properly check input.JVNDB-2005-000794http://jvn.jp/en/jp/JVN25106961/index.htmlcpe:/a:kent-web:kent-web_postmail2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00HTTPD-User-Manage cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000795.html
HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings.
This problem does not occur when only the database management library is used.JVNDB-2005-000795http://jvn.jp/en/jp/JVN30451602/index.htmlcpe:/a:lincoln_d._stein:httpd-user-manage2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000796.html
FreeStyleWiki contains cross-site scripting and cross-site request forgery vulnerabilities.
The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script.
The cross-site request forgery vulnerability could allow a remote attacker to manipulate the user's operation if a FreeStyleWiki administrator views a specially crafted web page.JVNDB-2005-000796http://jvn.jp/en/jp/JVN67001206/index.htmlcpe:/a:fswiki:wiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000797.html
FreeStyleWiki contains cross-site scripting and cross-site request forgery vulnerabilities.
The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script.
The cross-site request forgery vulnerability could allow a remote attacker to manipulate the user's operation if a FreeStyleWiki administrator views a specially crafted web page.JVNDB-2005-000797http://jvn.jp/en/jp/JVN67001206/index.htmlcpe:/a:fswiki:wiki2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00MitakeSearch cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000798.html
MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl.JVNDB-2005-000798http://jvn.jp/en/jp/JVN76357668/index.htmlcpe:/a:hp:mitakesearch2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Problem with referer header handling on mobile phone web browsers
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000799.html
We have confirmed that web browser products from Openwave Systems Inc. used for the Internet connection service for mobile phones have a problem in their function of sending referer information under certain circumstances.
This problem has been reported for KDDI's au mobile phones. KDDI, regarding this problem as a defect which leads to behaviors inconsistent with the specification of RFC2616, provides countermeasure information. JVN has publicized this issue in coordination with vendors to make it known to users.JVNDB-2005-000799http://jvn.jp/en/jp/JVN15243167/index.htmlcpe:/a:kddi:ezweb_browser2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Opera bookmark function vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000800.html
Opera Software ASA's Opera Web Browser contains a vulnerability that may cause a crash upon next startup if a specially crafted web page is registered in the bookmark.JVNDB-2005-000800http://jvn.jp/en/jp/JVN28011334/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4210http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4210http://secunia.com/advisories/17963http://www.securityfocus.com/bid/15813http://xforce.iss.net/xforce/xfdb/23549http://www.frsirt.com/english/advisories/2005/2846http://www.osvdb.org/21641cpe:/a:opera:opera_browser2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00WebNote Clip vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000801.html
WebNote Clip is CGI software to create bulletin boards, calendars, reports, and diaries. WebNote Clip contains an OS command injection vulnerability as it does not validate inputs properly.JVNDB-2005-000801http://jvn.jp/en/jp/JVN87830692/index.htmlcpe:/a:misc:webnote_clip2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00BBSNote cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000802.html
BBSNote, a CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments.JVNDB-2005-000802http://jvn.jp/en/jp/JVN93004125/index.htmlcpe:/a:misc:bbsnote2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Tomcat vulnerable in request processing
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000804.html
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests.
To avoid this vulnerability, use a connector other than the AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat supports Coyote JK Connector and Coyote HTTP/1.1 Connector.JVNDB-2005-000804http://jvn.jp/en/jp/JVN79314822/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3164http://secunia.com/advisories/17019http://www.securityfocus.com/bid/15003https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:tomcatcpe:/a:fujitsu:campusmate_portalcpe:/a:fujitsu:internet_navigware_servercpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_list_managercpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:cosminexus_primary_servercpe:/a:hitachi:embedded_cosminexus_servercpe:/a:nec:webotx_application_servercpe:/a:nec:websam_systemmanagercpe:/h:nec:spectral_wave_managercpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:misc:miraclelinux_asianux_servercpe:/o:sun:solaris2008-07-07T18:04+09:002008-05-21T00:00+09:002008-07-07T18:04+09:00nProtect Netizen has multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000805.html
nProtect Netizen contains multiple vulnerabilities.
- It may fetch update files from an arbitrary site
- It may download and save malicious files
- It may cause an abnormal web browser terminationJVNDB-2005-000805http://jvn.jp/en/jp/JVNAF02FB4B/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1301http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1301http://secunia.com/advisories/15101cpe:/a:misc:metro_nprotectcpe:/a:saat:nprotect_netizen2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00XOOPS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000864.html
XOOPS is an open source web content management system implemented in PHP.
XOOPS itself and its forum modules have multiple vulnerabilities in validating private messages and forum articles.JVNDB-2005-000864http://jvn.jp/en/jp/JVN77105349/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2338http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2338http://secunia.com/advisories/17300http://www.securityfocus.com/bid/15195cpe:/a:xoops:xoops_cube2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00