CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fujitsu : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3898 79 XSS 2014-08-14 2014-08-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2 CVE-2013-7105 119 Overflow 2013-12-14 2013-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs."
3 CVE-2010-2151 352 CSRF 2010-06-03 2010-06-04
2.6
None Remote High Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.
4 CVE-2010-2150 79 XSS 2010-06-03 2010-06-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5 CVE-2010-2149 287 2010-06-03 2010-09-21
4.0
None Remote High Not required Partial Partial None
Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.
6 CVE-2010-1942 +Info 2010-05-19 2010-05-26
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device.
7 CVE-2009-0868 20 Http R.Spl. 2009-03-10 2010-09-20
6.8
None Remote Medium Not required Partial Partial Partial
CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
8 CVE-2009-0867 200 +Info 2009-03-10 2009-03-11
5.0
None Remote Low Not required Partial None None
The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection.
9 CVE-2009-0271 22 Dir. Trav. 2009-01-26 2009-01-26
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
10 CVE-2009-0270 119 Exec Code Overflow 2009-01-26 2009-03-06
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.
11 CVE-2009-0264 119 Overflow 2009-01-26 2009-02-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.
12 CVE-2008-7195 DoS 2009-09-10 2009-09-17
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL.
13 CVE-2008-7194 DoS 2009-09-10 2010-12-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request.
14 CVE-2008-3776 22 Dir. Trav. 2008-08-25 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
15 CVE-2008-3126 119 Exec Code Overflow 2008-07-10 2009-03-18
6.5
None Remote Low Single system Partial Partial Partial
Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.
16 CVE-2008-2674 2008-06-12 2009-04-08
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.
17 CVE-2008-1207 119 DoS Overflow 2008-03-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value.
18 CVE-2008-1040 119 Exec Code Overflow 2008-02-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.
19 CVE-2007-5366 22 Dir. Trav. +Info 2007-10-11 2008-11-15
5.0
None Remote Low Not required Partial None None
The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.
20 CVE-2007-3012 +Info 2007-07-05 2012-10-30
5.0
None Remote Low Not required Partial None None
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm.
21 CVE-2007-3011 Exec Code 2007-07-05 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
22 CVE-2007-1505 +Info 2007-03-19 2008-11-13
2.1
None Local Low Not required Partial None None
Fujistu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.
23 CVE-2007-1504 XSS 2007-03-19 2008-11-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes.
24 CVE-2006-3579 79 XSS 2006-07-13 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
25 CVE-2006-3578 Dir. Trav. 2006-07-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors.
26 CVE-2006-2517 Exec Code Sql 2006-05-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
27 CVE-2006-2240 DoS 2006-05-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.
28 CVE-2003-1528 59 2003-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.
29 CVE-2002-2212 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
30 CVE-1999-0672 Overflow 1999-08-01 2008-09-09
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.