Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by futomi Co.,Ltd.

    JVNDB-2018-000011

    Vulnerability from jvndb - Published: 2018-02-08 12:21 - Updated:2018-04-11 11:57
    Severity
    Summary
    MP Form Mail CGI eCommerce Edition vulnerable to OS command injection
    Details
    MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability (CWE-78). Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000011.html",
      "dc:date": "2018-04-11T11:57+09:00",
      "dcterms:issued": "2018-02-08T12:21+09:00",
      "dcterms:modified": "2018-04-11T11:57+09:00",
      "description": "MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability (CWE-78).\r\n\r\nDaiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000011.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_ecommerce",
        "@product": "MP Form Mail CGI eCommerce Edition",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "5.6",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000011",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN15462187/index.html",
          "@id": "JVN#15462187",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0514",
          "@id": "CVE-2018-0514",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0514",
          "@id": "CVE-2018-0514",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "MP Form Mail CGI eCommerce Edition vulnerable to OS command injection"
    }

    JVNDB-2016-000069

    Vulnerability from jvndb - Published: 2016-05-20 14:22 - Updated:2016-06-08 17:23
    Severity
    Summary
    MP Form Mail CGI Professional Edition vulnerable to directory traversal
    Details
    MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability (CWE-22). Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000069.html",
      "dc:date": "2016-06-08T17:23+09:00",
      "dcterms:issued": "2016-05-20T14:22+09:00",
      "dcterms:modified": "2016-06-08T17:23+09:00",
      "description": "MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability (CWE-22).\r\n\r\nYuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000069.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_professional",
        "@product": "MP Form Mail CGI Professional Edition",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000069",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN42545812/index.html",
          "@id": "JVN#42545812",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1212",
          "@id": "CVE-2016-1212",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1212",
          "@id": "CVE-2016-1212",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "MP Form Mail CGI Professional Edition vulnerable to directory traversal"
    }

    JVNDB-2015-000041

    Vulnerability from jvndb - Published: 2015-03-20 12:30 - Updated:2015-03-24 15:11
    Severity
    N/A (UNKNOWN) - -
    Summary
    MP Form Mail CGI eCommerce edition vulnerable to code injection
    Details
    MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000041.html",
      "dc:date": "2015-03-24T15:11+09:00",
      "dcterms:issued": "2015-03-20T12:30+09:00",
      "dcterms:modified": "2015-03-24T15:11+09:00",
      "description": "MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000041.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_ecommerce",
        "@product": "MP Form Mail CGI eCommerce Edition",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000041",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN39175666/index.html",
          "@id": "JVN#39175666",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0898",
          "@id": "CVE-2015-0898",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0898",
          "@id": "CVE-2015-0898",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        }
      ],
      "title": "MP Form Mail CGI eCommerce edition vulnerable to code injection"
    }

    JVNDB-2010-000035

    Vulnerability from jvndb - Published: 2010-09-10 17:25 - Updated:2010-09-10 17:25
    Severity
    N/A (UNKNOWN) - -
    Summary
    Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
    Details
    Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. According to the developer, users of the Professional version that are using the "Method to load js files for tags within the head tag" as stated in the manual are not affected by this vulnerability. Katsumi Kobayashi of NRI Secure Technologies, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000035.html",
      "dc:date": "2010-09-10T17:25+09:00",
      "dcterms:issued": "2010-09-10T17:25+09:00",
      "dcterms:modified": "2010-09-10T17:25+09:00",
      "description": "Access Analyzer CGI from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.\r\n\r\nAccess Analyzer CGI provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.\r\n\r\nAccording to the developer, users of the Professional version that are using the \"Method to load js files for tags within the head tag\" as stated in the manual are not affected by this vulnerability. \r\n\r\nKatsumi Kobayashi of NRI Secure Technologies, Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000035.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professional",
          "@product": "Access Analyzer CGI Professional Version",
          "@vendor": "futomi Co.,Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard",
          "@product": "Access Analyzer CGI Standard Version",
          "@vendor": "futomi Co.,Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2010-000035",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN35605523/index.html",
          "@id": "JVN#35605523",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2366",
          "@id": "CVE-2010-2366",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2366",
          "@id": "CVE-2010-2366",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securityfocus.com/bid/43142",
          "@id": "43142",
          "@source": "BID"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Cross-site scripting vulnerability in Access Analyzer CGI by futomi\u0027s CGI Cafe"
    }

    JVNDB-2009-000049

    Vulnerability from jvndb - Published: 2009-07-24 17:19 - Updated:2009-07-24 17:19
    Severity
    N/A (UNKNOWN) - -
    Summary
    Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
    Details
    RevoCounter CGI (Animation Counter) from futomi's CGI Cafe contains a cross-site scripting vulnerability. RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000049.html",
      "dc:date": "2009-07-24T17:19+09:00",
      "dcterms:issued": "2009-07-24T17:19+09:00",
      "dcterms:modified": "2009-07-24T17:19+09:00",
      "description": "RevoCounter CGI (Animation Counter) from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability.\r\n\r\nRevoCounter CGI (Animation Counter) from futomi\u0027s CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000049.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:revocounter_cgi",
        "@product": "RevoCounter CGI",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000049",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN29852698/index.html",
          "@id": "JVN#29852698",
          "@source": "JVN"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)"
    }

    JVNDB-2009-000016

    Vulnerability from jvndb - Published: 2009-03-31 16:08 - Updated:2009-03-31 16:08
    Severity
    N/A (UNKNOWN) - -
    Summary
    Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
    Details
    Access Analyzer CGI Professional Version from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges. Taketo Ikeuchi and Seiki Sugahara reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000016.html",
      "dc:date": "2009-03-31T16:08+09:00",
      "dcterms:issued": "2009-03-31T16:08+09:00",
      "dcterms:modified": "2009-03-31T16:08+09:00",
      "description": "Access Analyzer CGI Professional Version from futomi\u0027s CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. \r\n\r\nAccess Analyzer CGI provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges.\r\n\r\nTaketo Ikeuchi and Seiki Sugahara reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000016.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professional",
        "@product": "Access Analyzer CGI Professional Version",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000016",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN63511247/index.html",
          "@id": "JVN#63511247",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1206",
          "@id": "CVE-2009-1206",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1206",
          "@id": "CVE-2009-1206",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/34516",
          "@id": "SA34516",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/49525",
          "@id": "49525",
          "@source": "XF"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000016.html",
          "@id": "JVNDB-2009-000016",
          "@source": "JVNDB_En"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-255",
          "@title": "Credentials Management(CWE-255)"
        }
      ],
      "title": "Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges"
    }

    JVNDB-2009-000015

    Vulnerability from jvndb - Published: 2009-03-16 17:07 - Updated:2009-03-16 17:07
    Severity
    N/A (UNKNOWN) - -
    Summary
    Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
    Details
    Access Analyzer CGI Standard Version (Ver. 3.x) from futomi's CGI Cafe contains a cross-site scripting vulnerability. Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version (Ver. 3.x) contains a cross-site scripting vulnerability. This vulnerability was fixed in version 4.0.0 released on November 23, 2007. The most recent version (4.0.2) was released on December 12, 2008.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000015.html",
      "dc:date": "2009-03-16T17:07+09:00",
      "dcterms:issued": "2009-03-16T17:07+09:00",
      "dcterms:modified": "2009-03-16T17:07+09:00",
      "description": "Access Analyzer CGI Standard Version (Ver. 3.x) from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability. \r\n\r\nAccess Analyzer CGI Standard Version provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version (Ver. 3.x) contains a cross-site scripting vulnerability. \r\n\r\nThis vulnerability was fixed in version 4.0.0 released on November 23, 2007. The most recent version (4.0.2) was released on December 12, 2008.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000015.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard",
        "@product": "Access Analyzer CGI Standard Version",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000015",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN23558374/index.html",
          "@id": "JVN#23558374",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0971",
          "@id": "CVE-2009-0971",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0971",
          "@id": "CVE-2009-0971",
          "@source": "NVD"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000015.html",
          "@id": "JVNDB-2009-000015",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)"
    }

    JVNDB-2009-000014

    Vulnerability from jvndb - Published: 2009-03-13 16:25 - Updated:2009-03-13 16:25
    Severity
    N/A (UNKNOWN) - -
    Summary
    MP Form Mail CGI vulnerability allows third party to gain administrative privileges
    Details
    MP Form Mail CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000014.html",
      "dc:date": "2009-03-13T16:25+09:00",
      "dcterms:issued": "2009-03-13T16:25+09:00",
      "dcterms:modified": "2009-03-13T16:25+09:00",
      "description": "MP Form Mail CGI from futomi\u0027s CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. \r\n\r\nMP Form Mail CGI from futomi\u0027s CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000014.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_ecommerce",
          "@product": "MP Form Mail CGI eCommerce Edition",
          "@vendor": "futomi Co.,Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_professional",
          "@product": "MP Form Mail CGI Professional Edition",
          "@vendor": "futomi Co.,Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000014",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN84899898/index.html",
          "@id": "JVN#84899898",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0962",
          "@id": "CVE-2009-0962",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0962",
          "@id": "CVE-2009-0962",
          "@source": "NVD"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000014.html",
          "@id": "JVNDB-2009-000014",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-255",
          "@title": "Credentials Management(CWE-255)"
        }
      ],
      "title": "MP Form Mail CGI vulnerability allows third party to gain administrative privileges"
    }

    JVNDB-2009-000008

    Vulnerability from jvndb - Published: 2009-01-28 15:25 - Updated:2009-01-28 15:25
    Severity
    N/A (UNKNOWN) - -
    Summary
    Fulltext search CGI vulnerability allows third party to gain administrative privileges
    Details
    Fulltext search CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000008.html",
      "dc:date": "2009-01-28T15:25+09:00",
      "dcterms:issued": "2009-01-28T15:25+09:00",
      "dcterms:modified": "2009-01-28T15:25+09:00",
      "description": "Fulltext search CGI from futomi\u0027s CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.\r\n\r\nFulltext search CGI is a website search software from futomi\u0027s CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000008.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:full-text_search_cgi",
        "@product": "full-text search CGI",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000008",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN80771386/index.html",
          "@id": "JVN#80771386",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0469",
          "@id": "CVE-2009-0469",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0469",
          "@id": "CVE-2009-0469",
          "@source": "NVD"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000008.html",
          "@id": "JVNDB-2009-000008",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-255",
          "@title": "Credentials Management(CWE-255)"
        }
      ],
      "title": "Fulltext search CGI vulnerability allows third party to gain administrative privileges"
    }

    JVNDB-2008-000083

    Vulnerability from jvndb - Published: 2008-12-17 15:30 - Updated:2008-12-17 15:30
    Severity
    N/A (UNKNOWN) - -
    Summary
    Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
    Details
    Access Analyzer CGI from futomi's CGI Cafe contains a predictable session ID vulnerability. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html",
      "dc:date": "2008-12-17T15:30+09:00",
      "dcterms:issued": "2008-12-17T15:30+09:00",
      "dcterms:modified": "2008-12-17T15:30+09:00",
      "description": "Access Analyzer CGI from futomi\u0027s CGI Cafe contains a predictable session ID vulnerability.\r\n\r\nAccess Analyzer CGI provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professional",
          "@product": "Access Analyzer CGI Professional Version",
          "@vendor": "futomi Co.,Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard",
          "@product": "Access Analyzer CGI Standard Version",
          "@vendor": "futomi Co.,Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2008-000083",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN07468800/index.html",
          "@id": "JVN#07468800",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5809",
          "@id": "CVE-2008-5809",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5809",
          "@id": "CVE-2008-5809",
          "@source": "NVD"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000083.html",
          "@id": "JVNDB-2008-000083",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "Predictable session ID vulnerability in Access Analyzer CGI by futomi\u0027s CGI Cafe"
    }

    JVNDB-2006-000695

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Kmail CGI authentication bypass vulnerability
    Details
    Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000695.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000695.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:kmail_cgi",
        "@product": "Kmail CGI",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000695",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN41241092/index.html",
          "@id": "JVN#41241092",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7111",
          "@id": "CVE-2006-7111",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7111",
          "@id": "CVE-2006-7111",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/22351/",
          "@id": "SA22351",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/20506",
          "@id": "20506",
          "@source": "BID"
        },
        {
          "#text": "http://osvdb.org/displayvuln.php?osvdb_id=29788",
          "@id": "29788",
          "@source": "OSVDB"
        }
      ],
      "title": "Kmail CGI authentication bypass vulnerability"
    }

    JVNDB-2007-000640

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
    Details
    Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000640.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Fulltext search CGI from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability.\r\n\r\nFulltext search CGI, website search software from futomi\u0027s CGI Cafe, contains a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000640.html",
      "sec:cpe": {
        "#text": "cpe:/a:futomis_cgi_cafe:full-text_search_cgi",
        "@product": "full-text search CGI",
        "@vendor": "futomi Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000640",
      "sec:references": {
        "#text": "http://jvn.jp/en/jp/JVN43091983/index.html",
        "@id": "JVN#43091983",
        "@source": "JVN"
      },
      "title": "Fulltext search CGI from futomi\u0027s CGI Cafe vulnerable to cross-site scripting"
    }