Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by futomi Co.,Ltd.
JVNDB-2018-000011
Vulnerability from jvndb - Published: 2018-02-08 12:21 - Updated:2018-04-11 11:57
Severity
Summary
MP Form Mail CGI eCommerce Edition vulnerable to OS command injection
Details
MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability (CWE-78).
Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000011.html",
"dc:date": "2018-04-11T11:57+09:00",
"dcterms:issued": "2018-02-08T12:21+09:00",
"dcterms:modified": "2018-04-11T11:57+09:00",
"description": "MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability (CWE-78).\r\n\r\nDaiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000011.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_ecommerce",
"@product": "MP Form Mail CGI eCommerce Edition",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000011",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN15462187/index.html",
"@id": "JVN#15462187",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0514",
"@id": "CVE-2018-0514",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0514",
"@id": "CVE-2018-0514",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "MP Form Mail CGI eCommerce Edition vulnerable to OS command injection"
}
JVNDB-2016-000069
Vulnerability from jvndb - Published: 2016-05-20 14:22 - Updated:2016-06-08 17:23
Severity
Summary
MP Form Mail CGI Professional Edition vulnerable to directory traversal
Details
MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability (CWE-22).
Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000069.html",
"dc:date": "2016-06-08T17:23+09:00",
"dcterms:issued": "2016-05-20T14:22+09:00",
"dcterms:modified": "2016-06-08T17:23+09:00",
"description": "MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability (CWE-22).\r\n\r\nYuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000069.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_professional",
"@product": "MP Form Mail CGI Professional Edition",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000069",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42545812/index.html",
"@id": "JVN#42545812",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1212",
"@id": "CVE-2016-1212",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1212",
"@id": "CVE-2016-1212",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "MP Form Mail CGI Professional Edition vulnerable to directory traversal"
}
JVNDB-2015-000041
Vulnerability from jvndb - Published: 2015-03-20 12:30 - Updated:2015-03-24 15:11Summary
MP Form Mail CGI eCommerce edition vulnerable to code injection
Details
MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000041.html",
"dc:date": "2015-03-24T15:11+09:00",
"dcterms:issued": "2015-03-20T12:30+09:00",
"dcterms:modified": "2015-03-24T15:11+09:00",
"description": "MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000041.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_ecommerce",
"@product": "MP Form Mail CGI eCommerce Edition",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000041",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN39175666/index.html",
"@id": "JVN#39175666",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0898",
"@id": "CVE-2015-0898",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0898",
"@id": "CVE-2015-0898",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "MP Form Mail CGI eCommerce edition vulnerable to code injection"
}
JVNDB-2010-000035
Vulnerability from jvndb - Published: 2010-09-10 17:25 - Updated:2010-09-10 17:25Summary
Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Details
Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.
According to the developer, users of the Professional version that are using the "Method to load js files for tags within the head tag" as stated in the manual are not affected by this vulnerability.
Katsumi Kobayashi of NRI Secure Technologies, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000035.html",
"dc:date": "2010-09-10T17:25+09:00",
"dcterms:issued": "2010-09-10T17:25+09:00",
"dcterms:modified": "2010-09-10T17:25+09:00",
"description": "Access Analyzer CGI from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.\r\n\r\nAccess Analyzer CGI provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.\r\n\r\nAccording to the developer, users of the Professional version that are using the \"Method to load js files for tags within the head tag\" as stated in the manual are not affected by this vulnerability. \r\n\r\nKatsumi Kobayashi of NRI Secure Technologies, Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000035.html",
"sec:cpe": [
{
"#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professional",
"@product": "Access Analyzer CGI Professional Version",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard",
"@product": "Access Analyzer CGI Standard Version",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000035",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN35605523/index.html",
"@id": "JVN#35605523",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2366",
"@id": "CVE-2010-2366",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2366",
"@id": "CVE-2010-2366",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/43142",
"@id": "43142",
"@source": "BID"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cross-site scripting vulnerability in Access Analyzer CGI by futomi\u0027s CGI Cafe"
}
JVNDB-2009-000049
Vulnerability from jvndb - Published: 2009-07-24 17:19 - Updated:2009-07-24 17:19Summary
Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
Details
RevoCounter CGI (Animation Counter) from futomi's CGI Cafe contains a cross-site scripting vulnerability.
RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability.
References
| Type | URL | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000049.html",
"dc:date": "2009-07-24T17:19+09:00",
"dcterms:issued": "2009-07-24T17:19+09:00",
"dcterms:modified": "2009-07-24T17:19+09:00",
"description": "RevoCounter CGI (Animation Counter) from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability.\r\n\r\nRevoCounter CGI (Animation Counter) from futomi\u0027s CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000049.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:revocounter_cgi",
"@product": "RevoCounter CGI",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000049",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN29852698/index.html",
"@id": "JVN#29852698",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)"
}
JVNDB-2009-000016
Vulnerability from jvndb - Published: 2009-03-31 16:08 - Updated:2009-03-31 16:08Summary
Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
Details
Access Analyzer CGI Professional Version from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges.
Taketo Ikeuchi and Seiki Sugahara reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000016.html",
"dc:date": "2009-03-31T16:08+09:00",
"dcterms:issued": "2009-03-31T16:08+09:00",
"dcterms:modified": "2009-03-31T16:08+09:00",
"description": "Access Analyzer CGI Professional Version from futomi\u0027s CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. \r\n\r\nAccess Analyzer CGI provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges.\r\n\r\nTaketo Ikeuchi and Seiki Sugahara reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000016.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professional",
"@product": "Access Analyzer CGI Professional Version",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000016",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63511247/index.html",
"@id": "JVN#63511247",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1206",
"@id": "CVE-2009-1206",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1206",
"@id": "CVE-2009-1206",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/34516",
"@id": "SA34516",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/49525",
"@id": "49525",
"@source": "XF"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000016.html",
"@id": "JVNDB-2009-000016",
"@source": "JVNDB_En"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-255",
"@title": "Credentials Management(CWE-255)"
}
],
"title": "Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges"
}
JVNDB-2009-000015
Vulnerability from jvndb - Published: 2009-03-16 17:07 - Updated:2009-03-16 17:07Summary
Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
Details
Access Analyzer CGI Standard Version (Ver. 3.x) from futomi's CGI Cafe contains a cross-site scripting vulnerability.
Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version (Ver. 3.x) contains a cross-site scripting vulnerability.
This vulnerability was fixed in version 4.0.0 released on November 23, 2007. The most recent version (4.0.2) was released on December 12, 2008.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000015.html",
"dc:date": "2009-03-16T17:07+09:00",
"dcterms:issued": "2009-03-16T17:07+09:00",
"dcterms:modified": "2009-03-16T17:07+09:00",
"description": "Access Analyzer CGI Standard Version (Ver. 3.x) from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability. \r\n\r\nAccess Analyzer CGI Standard Version provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version (Ver. 3.x) contains a cross-site scripting vulnerability. \r\n\r\nThis vulnerability was fixed in version 4.0.0 released on November 23, 2007. The most recent version (4.0.2) was released on December 12, 2008.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000015.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard",
"@product": "Access Analyzer CGI Standard Version",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000015",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23558374/index.html",
"@id": "JVN#23558374",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0971",
"@id": "CVE-2009-0971",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0971",
"@id": "CVE-2009-0971",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000015.html",
"@id": "JVNDB-2009-000015",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)"
}
JVNDB-2009-000014
Vulnerability from jvndb - Published: 2009-03-13 16:25 - Updated:2009-03-13 16:25Summary
MP Form Mail CGI vulnerability allows third party to gain administrative privileges
Details
MP Form Mail CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.
MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000014.html",
"dc:date": "2009-03-13T16:25+09:00",
"dcterms:issued": "2009-03-13T16:25+09:00",
"dcterms:modified": "2009-03-13T16:25+09:00",
"description": "MP Form Mail CGI from futomi\u0027s CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges. \r\n\r\nMP Form Mail CGI from futomi\u0027s CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000014.html",
"sec:cpe": [
{
"#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_ecommerce",
"@product": "MP Form Mail CGI eCommerce Edition",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_professional",
"@product": "MP Form Mail CGI Professional Edition",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000014",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84899898/index.html",
"@id": "JVN#84899898",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0962",
"@id": "CVE-2009-0962",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0962",
"@id": "CVE-2009-0962",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000014.html",
"@id": "JVNDB-2009-000014",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-255",
"@title": "Credentials Management(CWE-255)"
}
],
"title": "MP Form Mail CGI vulnerability allows third party to gain administrative privileges"
}
JVNDB-2009-000008
Vulnerability from jvndb - Published: 2009-01-28 15:25 - Updated:2009-01-28 15:25Summary
Fulltext search CGI vulnerability allows third party to gain administrative privileges
Details
Fulltext search CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.
Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000008.html",
"dc:date": "2009-01-28T15:25+09:00",
"dcterms:issued": "2009-01-28T15:25+09:00",
"dcterms:modified": "2009-01-28T15:25+09:00",
"description": "Fulltext search CGI from futomi\u0027s CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.\r\n\r\nFulltext search CGI is a website search software from futomi\u0027s CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000008.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:full-text_search_cgi",
"@product": "full-text search CGI",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000008",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN80771386/index.html",
"@id": "JVN#80771386",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0469",
"@id": "CVE-2009-0469",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0469",
"@id": "CVE-2009-0469",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000008.html",
"@id": "JVNDB-2009-000008",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-255",
"@title": "Credentials Management(CWE-255)"
}
],
"title": "Fulltext search CGI vulnerability allows third party to gain administrative privileges"
}
JVNDB-2008-000083
Vulnerability from jvndb - Published: 2008-12-17 15:30 - Updated:2008-12-17 15:30Summary
Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Details
Access Analyzer CGI from futomi's CGI Cafe contains a predictable session ID vulnerability.
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html",
"dc:date": "2008-12-17T15:30+09:00",
"dcterms:issued": "2008-12-17T15:30+09:00",
"dcterms:modified": "2008-12-17T15:30+09:00",
"description": "Access Analyzer CGI from futomi\u0027s CGI Cafe contains a predictable session ID vulnerability.\r\n\r\nAccess Analyzer CGI provided by futomi\u0027s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html",
"sec:cpe": [
{
"#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professional",
"@product": "Access Analyzer CGI Professional Version",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard",
"@product": "Access Analyzer CGI Standard Version",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000083",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07468800/index.html",
"@id": "JVN#07468800",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5809",
"@id": "CVE-2008-5809",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5809",
"@id": "CVE-2008-5809",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000083.html",
"@id": "JVNDB-2008-000083",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Predictable session ID vulnerability in Access Analyzer CGI by futomi\u0027s CGI Cafe"
}
JVNDB-2006-000695
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Kmail CGI authentication bypass vulnerability
Details
Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000695.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000695.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:kmail_cgi",
"@product": "Kmail CGI",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000695",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN41241092/index.html",
"@id": "JVN#41241092",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7111",
"@id": "CVE-2006-7111",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7111",
"@id": "CVE-2006-7111",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/22351/",
"@id": "SA22351",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/20506",
"@id": "20506",
"@source": "BID"
},
{
"#text": "http://osvdb.org/displayvuln.php?osvdb_id=29788",
"@id": "29788",
"@source": "OSVDB"
}
],
"title": "Kmail CGI authentication bypass vulnerability"
}
JVNDB-2007-000640
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
Details
Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability.
Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000640.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Fulltext search CGI from futomi\u0027s CGI Cafe contains a cross-site scripting vulnerability.\r\n\r\nFulltext search CGI, website search software from futomi\u0027s CGI Cafe, contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000640.html",
"sec:cpe": {
"#text": "cpe:/a:futomis_cgi_cafe:full-text_search_cgi",
"@product": "full-text search CGI",
"@vendor": "futomi Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000640",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN43091983/index.html",
"@id": "JVN#43091983",
"@source": "JVN"
},
"title": "Fulltext search CGI from futomi\u0027s CGI Cafe vulnerable to cross-site scripting"
}