Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by CGI RESCUE
JVNDB-2015-000087
Vulnerability from jvndb - Published: 2015-06-12 14:12 - Updated:2015-06-16 16:51Summary
BloBee vulnerable to arbitrary file creation
Details
BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files (CWE-20).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000087.html",
"dc:date": "2015-06-16T16:51+09:00",
"dcterms:issued": "2015-06-12T14:12+09:00",
"dcterms:modified": "2015-06-16T16:51+09:00",
"description": "BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files (CWE-20).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000087.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:blobee",
"@product": "BloBee",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000087",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN24336273/index.html",
"@id": "JVN#24336273",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2962",
"@id": "CVE-2015-2962",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2962",
"@id": "CVE-2015-2962",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "BloBee vulnerable to arbitrary file creation"
}
JVNDB-2009-000028
Vulnerability from jvndb - Published: 2009-05-19 13:41 - Updated:2009-05-19 13:41Summary
Trees from CGI RESCUE vulnerable to cross-site scripting
Details
Trees from CGI RESCUE contains a cross-site scripting vulnerability
Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html",
"dc:date": "2009-05-19T13:41+09:00",
"dcterms:issued": "2009-05-19T13:41+09:00",
"dcterms:modified": "2009-05-19T13:41+09:00",
"description": "Trees from CGI RESCUE contains a cross-site scripting vulnerability\r\n\r\nTrees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:trees",
"@product": "Trees",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000028",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28521500/index.html",
"@id": "JVN#28521500",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1790",
"@id": "CVE-2009-1790",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1790",
"@id": "CVE-2009-1790",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/35123",
"@id": "SA35123",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/34999",
"@id": "34999",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/50579",
"@id": "50579",
"@source": "XF"
},
{
"#text": "http://osvdb.org/54545",
"@id": "54545",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000028.html",
"@id": "JVNDB-2009-000028",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Trees from CGI RESCUE vulnerable to cross-site scripting"
}
JVNDB-2009-000024
Vulnerability from jvndb - Published: 2009-04-28 16:36 - Updated:2009-04-28 16:36Summary
Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Details
Web Mailer from CGI RESCUE contains a HTTP header injection vulnerability.
Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability.
This vulnerability has been fixed and an updated version was released on February 9, 2009.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html",
"dc:date": "2009-04-28T16:36+09:00",
"dcterms:issued": "2009-04-28T16:36+09:00",
"dcterms:modified": "2009-04-28T16:36+09:00",
"description": "Web Mailer from CGI RESCUE contains a HTTP header injection vulnerability.\r\n\r\nWeb Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability.\r\n\r\nThis vulnerability has been fixed and an updated version was released on February 9, 2009.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:ebmailer",
"@product": "Webmailer",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000024",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28020230/index.html",
"@id": "JVN#28020230",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1591",
"@id": "CVE-2009-1591",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1591",
"@id": "CVE-2009-1591",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/34862",
"@id": "SA34862",
"@source": "SECUNIA"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000024.html",
"@id": "JVNDB-2009-000024",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Web Mailer from CGI RESCUE vulnerable to HTTP header injection"
}
JVNDB-2009-000021
Vulnerability from jvndb - Published: 2009-04-28 16:35 - Updated:2009-04-28 16:35Summary
MiniBBS22 from CGI RESCUE allows unauthorized email transmission
Details
MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
This vulnerability has been fixed and an updated version was released on December 13, 2008.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000021.html",
"dc:date": "2009-04-28T16:35+09:00",
"dcterms:issued": "2009-04-28T16:35+09:00",
"dcterms:modified": "2009-04-28T16:35+09:00",
"description": "MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nMiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nThis vulnerability has been fixed and an updated version was released on December 13, 2008.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000021.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:mini_bbs22",
"@product": "MiniBBS22",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000021",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN36982346/index.html",
"@id": "JVN#36982346",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1589",
"@id": "CVE-2009-1589",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1589",
"@id": "CVE-2009-1589",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000021.html",
"@id": "JVNDB-2009-000021",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "MiniBBS22 from CGI RESCUE allows unauthorized email transmission"
}
JVNDB-2009-000022
Vulnerability from jvndb - Published: 2009-04-28 16:35 - Updated:2009-04-28 16:35Summary
Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
Details
MiniBBS from CGI RESCUE contains a cross-site scripting vulnerability.
MiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability.
This vulnerability has been fixed and an updated version was released on December 13, 2008.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000022.html",
"dc:date": "2009-04-28T16:35+09:00",
"dcterms:issued": "2009-04-28T16:35+09:00",
"dcterms:modified": "2009-04-28T16:35+09:00",
"description": "MiniBBS from CGI RESCUE contains a cross-site scripting vulnerability.\r\n\r\nMiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability has been fixed and an updated version was released on December 13, 2008.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000022.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:mini_bbs",
"@product": "MiniBBS",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN11396739/index.html",
"@id": "JVN#11396739",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1588",
"@id": "CVE-2009-1588",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1588",
"@id": "CVE-2009-1588",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/34887",
"@id": "SA34887",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/34718",
"@id": "34718",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/50219",
"@id": "50219",
"@source": "XF"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000022.html",
"@id": "JVNDB-2009-000022",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cross-site scripting vulnerability in MiniBBS from CGI RESCUE"
}
JVNDB-2009-000023
Vulnerability from jvndb - Published: 2009-04-28 16:35 - Updated:2009-04-28 16:35Summary
FORM2MAIL from CGI RESCUE allows unauthorized email transmission
Details
FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
This vulnerability has been fixed and an updated version was released on December 13, 2008.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html",
"dc:date": "2009-04-28T16:35+09:00",
"dcterms:issued": "2009-04-28T16:35+09:00",
"dcterms:modified": "2009-04-28T16:35+09:00",
"description": "FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nFORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration.\r\n\r\nThis vulnerability has been fixed and an updated version was released on December 13, 2008.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:form2mail",
"@product": "FORM2MAIL",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000023",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN76370393/index.html",
"@id": "JVN#76370393",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1590",
"@id": "CVE-2009-1590",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1590",
"@id": "CVE-2009-1590",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/34869",
"@id": "SA34869",
"@source": "SECUNIA"
},
{
"#text": "http://osvdb.org/54097",
"@id": "54097",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000023.html",
"@id": "JVNDB-2009-000023",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "FORM2MAIL from CGI RESCUE allows unauthorized email transmission"
}
JVNDB-2008-000078
Vulnerability from jvndb - Published: 2008-11-26 17:50 - Updated:2009-04-30 15:35Summary
CGI RESCUE MiniBBS2000 directory traversal vulnerability
Details
MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability.
MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability.
The vendor reported that the downloadable files addressing this vulnerability were incorrect (v1.02). Files currently available are version v1.03, where this vulnerability has been fixed. For more information, refer to the vendor's website.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000078.html",
"dc:date": "2009-04-30T15:35+09:00",
"dcterms:issued": "2008-11-26T17:50+09:00",
"dcterms:modified": "2009-04-30T15:35+09:00",
"description": "MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability.\r\n\r\nMiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability.\r\n\r\nThe vendor reported that the downloadable files addressing this vulnerability were incorrect (v1.02). Files currently available are version v1.03, where this vulnerability has been fixed. For more information, refer to the vendor\u0027s website.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000078.html",
"sec:cpe": [
{
"#text": "cpe:/a:cgi_rescue:kanni_bbs2000",
"@product": "KanniBBS2000",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
{
"#text": "cpe:/a:cgi_rescue:kanni_bbs2000i",
"@product": "KanniBBS2000i",
"@vendor": "CGI RESCUE",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000078",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN86833991/index.html",
"@id": "JVN#86833991",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5723",
"@id": "CVE-2008-5723",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5723",
"@id": "CVE-2008-5723",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000078.html",
"@id": "JVNDB-2008-000078",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "CGI RESCUE MiniBBS2000 directory traversal vulnerability"
}
JVNDB-2006-000624
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
CGI RESCUE WebFORM allows unauthorized email transmission
Details
WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.
According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000624.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.\r\n\r\nAccording to the vendor\u0027s information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000624.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:form2mail",
"@product": "FORM2MAIL",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000624",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN39570254/index.html",
"@id": "JVN#39570254",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2944",
"@id": "CVE-2006-2944",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2944",
"@id": "CVE-2006-2944",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/20515",
"@id": "SA20515",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/18434",
"@id": "18434",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/2234",
"@id": "FrSIRT/ADV-2006-2234",
"@source": "FRSIRT"
}
],
"title": "CGI RESCUE WebFORM allows unauthorized email transmission"
}
JVNDB-2006-000625
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
CGI RESCUE WebFORM allows unauthorized email transmission
Details
WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.
According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.\r\n\r\nAccording to the vendor\u0027s information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:webform",
"@product": "WebFORM",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000625",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN39570254/index.html",
"@id": "JVN#39570254",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2943",
"@id": "CVE-2006-2943",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2943",
"@id": "CVE-2006-2943",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/20515",
"@id": "SA20515",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/18434",
"@id": "18434",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/2234",
"@id": "FrSIRT/ADV-2006-2234",
"@source": "FRSIRT"
}
],
"title": "CGI RESCUE WebFORM allows unauthorized email transmission"
}
JVNDB-2007-000085
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
CGI RESCUE WebFORM vulnerable to HTTP header injection
Details
WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:webform",
"@product": "WebFORM",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000085",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN05088443/index.html",
"@id": "JVN#05088443",
"@source": "JVN"
},
"title": "CGI RESCUE WebFORM vulnerable to HTTP header injection"
}
JVNDB-2007-000087
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
CGI RESCUE WebFORM missing mail content vulnerability
Details
WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:webform",
"@product": "WebFORM",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000087",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN24879092/index.html",
"@id": "JVN#24879092",
"@source": "JVN"
},
"title": "CGI RESCUE WebFORM missing mail content vulnerability"
}
JVNDB-2006-000648
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
mail f/w system vulnerable to allow unauthorized email transmissionk
Details
mail f/w system is software that enables the the emailing of the contents of a form.
A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000648.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "mail f/w system is software that enables the the emailing of the contents of a form.\r\nA vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000648.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:mail_f_w_system",
"@product": "mail f/w system",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000648",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN11048526/index.html",
"@id": "JVN#11048526",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4344",
"@id": "CVE-2006-4344",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4344",
"@id": "CVE-2006-4344",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/21543",
"@id": "SA21543",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/19676",
"@id": "19676",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/3359",
"@id": "FrSIRT/ADV-2006-3359",
"@source": "FRSIRT"
},
{
"#text": "http://www.osvdb.org/28131",
"@id": "28131",
"@source": "OSVDB"
}
],
"title": "mail f/w system vulnerable to allow unauthorized email transmissionk"
}
JVNDB-2007-000088
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Shopping Basket Professional vulnerable to OS command injection
Details
Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000088.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000088.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:shopping_basket_pro",
"@product": "Shopping Basket Pro",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000088",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82258242/index.html",
"@id": "JVN#82258242",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0565",
"@id": "CVE-2007-0565",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0565",
"@id": "CVE-2007-0565",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/23909/",
"@id": "SA23909",
"@source": "SECUNIA"
}
],
"title": "Shopping Basket Professional vulnerable to OS command injection"
}
JVNDB-2007-000639
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Shopping Basket Pro directory traversal vulnerability
Details
A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE.
Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000639.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE.\r\n\r\nShopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000639.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:shopping_basket_pro",
"@product": "Shopping Basket Pro",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000639",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20452446/index.html",
"@id": "JVN#20452446",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4655",
"@id": "CVE-2007-4655",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4655",
"@id": "CVE-2007-4655",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26614",
"@id": "SA26614",
"@source": "SECUNIA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Shopping Basket Pro directory traversal vulnerability"
}
JVNDB-2007-000086
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
CGI RESCUE WebFORM vulnerable to cross-site scripting
Details
WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
"sec:cpe": {
"#text": "cpe:/a:cgi_rescue:webform",
"@product": "WebFORM",
"@vendor": "CGI RESCUE",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000086",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN05123538/index.html",
"@id": "JVN#05123538",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0547",
"@id": "CVE-2007-0547",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0547",
"@id": "CVE-2007-0547",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/23913/",
"@id": "SA23913",
"@source": "SECUNIA"
}
],
"title": "CGI RESCUE WebFORM vulnerable to cross-site scripting"
}