Java Web Start may insecurely load policy files
Overview Java Web Start provided by Oracle may use unsafe methods for determining how to load policy files. Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file...
JVN#50505257: Multiple Buffalo routers vulnerable to cross-site request forgery
Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Impact If a user views a malicious page while logged into the management screen, settings...
WordPress GRAND Flash Album Gallery Plugin 0.55 - Multiple Vulnerabilities
There are several vulnerabilities in this WordPress GRAND Flash Album Gallery plugin. The first vulnerability is an SQL injection that exists because the "/wp-content/plugins/flash-album-gallery/lib/hitcounter.php" script fails to properly sanitize user-supplied input in the "pid" variable. It allow...
JVN#09115481: Cross-site scripting vulnerability in multiple Rocomotion products
Multiple products (P board etc.) provided by Rocomotion contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. This issue h...
PT-2011-46: Information disclosure in SAP
The specialists of the Positive Research center have detected an "Information disclosure" vulnerability in SAP. An Information Leakage vulnerability exists in the way SAProuter works with dynamic memory. The cause of the leakage is that SAProuter does not clear the dynamically captured memory before...
Clipboard contents alteration vulnerability in Grani
Overview Grani contains a vulnerability in which the contents of the clipboard may be altered. Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from JVN19173793, and other issues that were previously published on JVN. Impact When opening a specially crafted file...
Multiple Yokka provided products may insecurely load executable files
Overview Multiple products provided by Yokka may use unsafe methods for determining how to load executables (.exe). Multiple products provided by Yokka, such as text editors, contain an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerabili...
Sleipnir and Grani may insecurely load dynamic libraries
Overview Sleipnir and Grani may use unsafe methods for determining how to load DLLs. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain DLLs when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurel...
Archive Decoder may insecurely load executable files
Overview Archive Decoder may use unsafe methods for determining how to load executables (.exe). Archive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Makoto...
K2Editor may insecurely load executable files
Overview K2Editor may use unsafe methods for determining how to load executables (.exe). K2Editor is a text editor. K2Editor loads certain executables (.exe) when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may...
Lhasa may insecurely load executable files
Overview Lhasa may use unsafe methods for determining how to load executables (.exe). Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables (.exe) when extracting files. Lhasa contains an issue with the file search path, which may insecurely load...
JVN#75101998: moobbs2 vulnerable to cross-site scripting
moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#92854093 Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
tDiary plugin tb-send.rb vulnerable to cross-site scripting
Overview tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability. Project VEX of UBsecure, Inc...
WebCalenderC3 vulnerable to directory traversal
Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is a calendar software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#09872874 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or modify information stored by Movable Type. Solution Update the Software...
JVN#00152874 P forum vulnerable to directory traversal
P forum from Rocomotion is a bulletin board software. P forum contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer. This...
JVN#85821104 Active! mail 2003 session ID disclosure vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...
JVN#06362164 SEIL/X Series and SEIL/B1 buffer overflow vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability. Impact When processing a specially crafted URL, a remote attacker may be able to execute arbitrary code. Solution...