Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    15 vulnerabilities by CGI RESCUE

    JVNDB-2015-000087

    Vulnerability from jvndb - Published: 2015-06-12 14:12 - Updated:2015-06-16 16:51
    Severity
    N/A (UNKNOWN) - -
    Summary
    BloBee vulnerable to arbitrary file creation
    Details
    BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files (CWE-20). Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000087.html",
      "dc:date": "2015-06-16T16:51+09:00",
      "dcterms:issued": "2015-06-12T14:12+09:00",
      "dcterms:modified": "2015-06-16T16:51+09:00",
      "description": "BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files (CWE-20).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000087.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:blobee",
        "@product": "BloBee",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000087",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN24336273/index.html",
          "@id": "JVN#24336273",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2962",
          "@id": "CVE-2015-2962",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2962",
          "@id": "CVE-2015-2962",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "BloBee vulnerable to arbitrary file creation"
    }

    JVNDB-2009-000028

    Vulnerability from jvndb - Published: 2009-05-19 13:41 - Updated:2009-05-19 13:41
    Severity
    N/A (UNKNOWN) - -
    Summary
    Trees from CGI RESCUE vulnerable to cross-site scripting
    Details
    Trees from CGI RESCUE contains a cross-site scripting vulnerability Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html",
      "dc:date": "2009-05-19T13:41+09:00",
      "dcterms:issued": "2009-05-19T13:41+09:00",
      "dcterms:modified": "2009-05-19T13:41+09:00",
      "description": "Trees from CGI RESCUE contains a cross-site scripting vulnerability\r\n\r\nTrees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:trees",
        "@product": "Trees",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000028",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN28521500/index.html",
          "@id": "JVN#28521500",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1790",
          "@id": "CVE-2009-1790",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1790",
          "@id": "CVE-2009-1790",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/35123",
          "@id": "SA35123",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/34999",
          "@id": "34999",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/50579",
          "@id": "50579",
          "@source": "XF"
        },
        {
          "#text": "http://osvdb.org/54545",
          "@id": "54545",
          "@source": "OSVDB"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000028.html",
          "@id": "JVNDB-2009-000028",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Trees from CGI RESCUE vulnerable to cross-site scripting"
    }

    JVNDB-2009-000024

    Vulnerability from jvndb - Published: 2009-04-28 16:36 - Updated:2009-04-28 16:36
    Severity
    N/A (UNKNOWN) - -
    Summary
    Web Mailer from CGI RESCUE vulnerable to HTTP header injection
    Details
    Web Mailer from CGI RESCUE contains a HTTP header injection vulnerability. Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. This vulnerability has been fixed and an updated version was released on February 9, 2009.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html",
      "dc:date": "2009-04-28T16:36+09:00",
      "dcterms:issued": "2009-04-28T16:36+09:00",
      "dcterms:modified": "2009-04-28T16:36+09:00",
      "description": "Web Mailer from CGI RESCUE contains a HTTP header injection vulnerability.\r\n\r\nWeb Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability.\r\n\r\nThis vulnerability has been fixed and an updated version was released on February 9, 2009.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:ebmailer",
        "@product": "Webmailer",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000024",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN28020230/index.html",
          "@id": "JVN#28020230",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1591",
          "@id": "CVE-2009-1591",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1591",
          "@id": "CVE-2009-1591",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/34862",
          "@id": "SA34862",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000024.html",
          "@id": "JVNDB-2009-000024",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Web Mailer from CGI RESCUE vulnerable to HTTP header injection"
    }

    JVNDB-2009-000021

    Vulnerability from jvndb - Published: 2009-04-28 16:35 - Updated:2009-04-28 16:35
    Severity
    N/A (UNKNOWN) - -
    Summary
    MiniBBS22 from CGI RESCUE allows unauthorized email transmission
    Details
    MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration. This vulnerability has been fixed and an updated version was released on December 13, 2008.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000021.html",
      "dc:date": "2009-04-28T16:35+09:00",
      "dcterms:issued": "2009-04-28T16:35+09:00",
      "dcterms:modified": "2009-04-28T16:35+09:00",
      "description": "MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nMiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nThis vulnerability has been fixed and an updated version was released on December 13, 2008.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000021.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:mini_bbs22",
        "@product": "MiniBBS22",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000021",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN36982346/index.html",
          "@id": "JVN#36982346",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1589",
          "@id": "CVE-2009-1589",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1589",
          "@id": "CVE-2009-1589",
          "@source": "NVD"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000021.html",
          "@id": "JVNDB-2009-000021",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "MiniBBS22 from CGI RESCUE allows unauthorized email transmission"
    }

    JVNDB-2009-000022

    Vulnerability from jvndb - Published: 2009-04-28 16:35 - Updated:2009-04-28 16:35
    Severity
    N/A (UNKNOWN) - -
    Summary
    Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
    Details
    MiniBBS from CGI RESCUE contains a cross-site scripting vulnerability. MiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability. This vulnerability has been fixed and an updated version was released on December 13, 2008.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000022.html",
      "dc:date": "2009-04-28T16:35+09:00",
      "dcterms:issued": "2009-04-28T16:35+09:00",
      "dcterms:modified": "2009-04-28T16:35+09:00",
      "description": "MiniBBS from CGI RESCUE contains a cross-site scripting vulnerability.\r\n\r\nMiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability has been fixed and an updated version was released on December 13, 2008.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000022.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:mini_bbs",
        "@product": "MiniBBS",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000022",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN11396739/index.html",
          "@id": "JVN#11396739",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1588",
          "@id": "CVE-2009-1588",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1588",
          "@id": "CVE-2009-1588",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/34887",
          "@id": "SA34887",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/34718",
          "@id": "34718",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/50219",
          "@id": "50219",
          "@source": "XF"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000022.html",
          "@id": "JVNDB-2009-000022",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Cross-site scripting vulnerability in MiniBBS from CGI RESCUE"
    }

    JVNDB-2009-000023

    Vulnerability from jvndb - Published: 2009-04-28 16:35 - Updated:2009-04-28 16:35
    Severity
    N/A (UNKNOWN) - -
    Summary
    FORM2MAIL from CGI RESCUE allows unauthorized email transmission
    Details
    FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration. FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration. This vulnerability has been fixed and an updated version was released on December 13, 2008.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html",
      "dc:date": "2009-04-28T16:35+09:00",
      "dcterms:issued": "2009-04-28T16:35+09:00",
      "dcterms:modified": "2009-04-28T16:35+09:00",
      "description": "FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nFORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nThis vulnerability has been fixed and an updated version was released on December 13, 2008.",
      "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:form2mail",
        "@product": "FORM2MAIL",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2009-000023",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN76370393/index.html",
          "@id": "JVN#76370393",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1590",
          "@id": "CVE-2009-1590",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1590",
          "@id": "CVE-2009-1590",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/34869",
          "@id": "SA34869",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://osvdb.org/54097",
          "@id": "54097",
          "@source": "OSVDB"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000023.html",
          "@id": "JVNDB-2009-000023",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "FORM2MAIL from CGI RESCUE allows unauthorized email transmission"
    }

    JVNDB-2008-000078

    Vulnerability from jvndb - Published: 2008-11-26 17:50 - Updated:2009-04-30 15:35
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE MiniBBS2000 directory traversal vulnerability
    Details
    MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability. MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability. The vendor reported that the downloadable files addressing this vulnerability were incorrect (v1.02). Files currently available are version v1.03, where this vulnerability has been fixed. For more information, refer to the vendor's website.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000078.html",
      "dc:date": "2009-04-30T15:35+09:00",
      "dcterms:issued": "2008-11-26T17:50+09:00",
      "dcterms:modified": "2009-04-30T15:35+09:00",
      "description": "MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability.\r\n\r\nMiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability.\r\n\r\nThe vendor reported that the downloadable files addressing this vulnerability were incorrect (v1.02). Files currently available are version v1.03, where this vulnerability has been fixed. For more information, refer to the vendor\u0027s website.",
      "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000078.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:cgi_rescue:kanni_bbs2000",
          "@product": "KanniBBS2000",
          "@vendor": "CGI RESCUE",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:cgi_rescue:kanni_bbs2000i",
          "@product": "KanniBBS2000i",
          "@vendor": "CGI RESCUE",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.4",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2008-000078",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN86833991/index.html",
          "@id": "JVN#86833991",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5723",
          "@id": "CVE-2008-5723",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5723",
          "@id": "CVE-2008-5723",
          "@source": "NVD"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000078.html",
          "@id": "JVNDB-2008-000078",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "CGI RESCUE MiniBBS2000 directory traversal vulnerability"
    }

    JVNDB-2006-000624

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM allows unauthorized email transmission
    Details
    WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000624.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.\r\n\r\nAccording to the vendor\u0027s information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000624.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:form2mail",
        "@product": "FORM2MAIL",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000624",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN39570254/index.html",
          "@id": "JVN#39570254",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2944",
          "@id": "CVE-2006-2944",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2944",
          "@id": "CVE-2006-2944",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/20515",
          "@id": "SA20515",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/18434",
          "@id": "18434",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2006/2234",
          "@id": "FrSIRT/ADV-2006-2234",
          "@source": "FRSIRT"
        }
      ],
      "title": "CGI RESCUE WebFORM allows unauthorized email transmission"
    }

    JVNDB-2006-000625

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM allows unauthorized email transmission
    Details
    WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.\r\n\r\nAccording to the vendor\u0027s information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:webform",
        "@product": "WebFORM",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000625",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN39570254/index.html",
          "@id": "JVN#39570254",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2943",
          "@id": "CVE-2006-2943",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2943",
          "@id": "CVE-2006-2943",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/20515",
          "@id": "SA20515",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/18434",
          "@id": "18434",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2006/2234",
          "@id": "FrSIRT/ADV-2006-2234",
          "@source": "FRSIRT"
        }
      ],
      "title": "CGI RESCUE WebFORM allows unauthorized email transmission"
    }

    JVNDB-2007-000085

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM vulnerable to HTTP header injection
    Details
    WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:webform",
        "@product": "WebFORM",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000085",
      "sec:references": {
        "#text": "http://jvn.jp/en/jp/JVN05088443/index.html",
        "@id": "JVN#05088443",
        "@source": "JVN"
      },
      "title": "CGI RESCUE WebFORM vulnerable to HTTP header injection"
    }

    JVNDB-2007-000087

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM missing mail content vulnerability
    Details
    WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:webform",
        "@product": "WebFORM",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000087",
      "sec:references": {
        "#text": "http://jvn.jp/en/jp/JVN24879092/index.html",
        "@id": "JVN#24879092",
        "@source": "JVN"
      },
      "title": "CGI RESCUE WebFORM missing mail content vulnerability"
    }

    JVNDB-2006-000648

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    mail f/w system vulnerable to allow unauthorized email transmissionk
    Details
    mail f/w system is software that enables the the emailing of the contents of a form. A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000648.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "mail f/w system is software that enables the the emailing of the contents of a form.\r\nA vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000648.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:mail_f_w_system",
        "@product": "mail f/w system",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000648",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN11048526/index.html",
          "@id": "JVN#11048526",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4344",
          "@id": "CVE-2006-4344",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4344",
          "@id": "CVE-2006-4344",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/21543",
          "@id": "SA21543",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/19676",
          "@id": "19676",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2006/3359",
          "@id": "FrSIRT/ADV-2006-3359",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.osvdb.org/28131",
          "@id": "28131",
          "@source": "OSVDB"
        }
      ],
      "title": "mail f/w system vulnerable to allow unauthorized email transmissionk"
    }

    JVNDB-2007-000088

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Shopping Basket Professional vulnerable to OS command injection
    Details
    Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000088.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000088.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:shopping_basket_pro",
        "@product": "Shopping Basket Pro",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000088",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN82258242/index.html",
          "@id": "JVN#82258242",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0565",
          "@id": "CVE-2007-0565",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0565",
          "@id": "CVE-2007-0565",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/23909/",
          "@id": "SA23909",
          "@source": "SECUNIA"
        }
      ],
      "title": "Shopping Basket Professional vulnerable to OS command injection"
    }

    JVNDB-2007-000639

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Shopping Basket Pro directory traversal vulnerability
    Details
    A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE. Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000639.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE.\r\n\r\nShopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000639.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:shopping_basket_pro",
        "@product": "Shopping Basket Pro",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000639",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN20452446/index.html",
          "@id": "JVN#20452446",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4655",
          "@id": "CVE-2007-4655",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4655",
          "@id": "CVE-2007-4655",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/26614",
          "@id": "SA26614",
          "@source": "SECUNIA"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "Shopping Basket Pro directory traversal vulnerability"
    }

    JVNDB-2007-000086

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM vulnerable to cross-site scripting
    Details
    WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
      "sec:cpe": {
        "#text": "cpe:/a:cgi_rescue:webform",
        "@product": "WebFORM",
        "@vendor": "CGI RESCUE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000086",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN05123538/index.html",
          "@id": "JVN#05123538",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0547",
          "@id": "CVE-2007-0547",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0547",
          "@id": "CVE-2007-0547",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/23913/",
          "@id": "SA23913",
          "@source": "SECUNIA"
        }
      ],
      "title": "CGI RESCUE WebFORM vulnerable to cross-site scripting"
    }