Refine your search
3 vulnerabilities found for Lunascape by Lunascape
jvndb-2011-000012
Vulnerability from jvndb
Published
2011-02-23 15:41
Modified
2011-02-23 15:41
Summary
Lunascape may insecurely load executable files
Details
Lunascape may use unsafe methods for determining how to load executables (.exe).
Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contain an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html",
"dc:date": "2011-02-23T15:41+09:00",
"dcterms:issued": "2011-02-23T15:41+09:00",
"dcterms:modified": "2011-02-23T15:41+09:00",
"description": "Lunascape may use unsafe methods for determining how to load executables (.exe).\r\n\r\nLunascape is a web browser. Lunascape loads certain executables when using the \"script\" function. Lunascape contain an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html",
"sec:cpe": {
"#text": "cpe:/a:lunascape:lunascape",
"@product": "Lunascape",
"@vendor": "Lunascape",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000012",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN38362957",
"@id": "JVN#38362957",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0452",
"@id": "CVE-2011-0452",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0452",
"@id": "CVE-2011-0452",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/43441",
"@id": "SA43441",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/65592",
"@id": "65592",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Lunascape may insecurely load executable files"
}
jvndb-2011-000004
Vulnerability from jvndb
Published
2011-01-21 18:30
Modified
2011-01-21 18:30
Summary
Lunascape may insecurely load dynamic libraries
Details
Lunascape may use unsafe methods for determining how to load DLLs.
Lunascape is a web browser. Lunascape loads certain DLL's when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000004.html",
"dc:date": "2011-01-21T18:30+09:00",
"dcterms:issued": "2011-01-21T18:30+09:00",
"dcterms:modified": "2011-01-21T18:30+09:00",
"description": "Lunascape may use unsafe methods for determining how to load DLLs.\r\n\r\nLunascape is a web browser. Lunascape loads certain DLL\u0027s when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000004.html",
"sec:cpe": {
"#text": "cpe:/a:lunascape:lunascape",
"@product": "Lunascape",
"@vendor": "Lunascape",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000004",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN94695018/index.html",
"@id": "JVN#94695018",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3927",
"@id": "CVE-2010-3927",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3927",
"@id": "CVE-2010-3927",
"@source": "NVD"
},
{
"#text": "http://www.kb.cert.org/vuls/id/707943",
"@id": "VU#707943",
"@source": "CERT-VN"
},
{
"#text": "http://secunia.com/advisories/43003",
"@id": "SA43003",
"@source": "SECUNIA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Lunascape may insecurely load dynamic libraries"
}
jvndb-2007-000322
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Lunascape RSS reader arbitrary script execution vulnerability
Details
A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000322.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "A vulnerability exists in the web browser Lunascape\u0027s RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000322.html",
"sec:cpe": {
"#text": "cpe:/a:lunascape:lunascape",
"@product": "Lunascape",
"@vendor": "Lunascape",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000322",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN36628264/index.html",
"@id": "JVN#36628264",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2335",
"@id": "CVE-2007-2335",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2335",
"@id": "CVE-2007-2335",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/25000",
"@id": "SA25000",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/23665",
"@id": "23665",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1538",
"@id": "FrSIRT/ADV-2007-1538",
"@source": "FRSIRT"
}
],
"title": "Lunascape RSS reader arbitrary script execution vulnerability"
}