5625 matches found
JVN#75028871: CG-WLR300GNV Series does not limit authentication attempts
CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perfor...
JVN#55428526: Deep Discovery Inspector vulnerable to remote code execution
Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability. Impact An attacker who can access the product as an administrator may execute arbitrary code with the root privilege. Solution For Deep Discovery Inspector 3.5 and later: Apply the patch...
JVN#24143619: WebARENA formmail vulnerable to cross-site scripting
formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information...
JVN#43076390: Web Mailing List vulnerable to cross-site scripting
Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
a-blog cms vulnerable to cross-site scripting
Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#47164236: AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page, information such as settings may be altered unintentionaly. Solution Update the Firmware Update to the latest firmware version according ...
JVN#28042424: Cybozu Office vulnerable to information disclosure
Cybozu Office contains an information disclosure vulnerability in the mail function. Impact When a specially crafted mail is opened, images files accessible by authenticated users may be obtained by a third-party. Solution Update the Software Update to the latest version according to the...
JVN#22533124: Adobe Flash Player issue where iframe contents may be overwritten
Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten. Impact Processing specially crafted Flash content may lead to iframe contents being overwritten. Solution Apply an Update Update to the latest version according to the...
JVN#72891124: p++BBS vulnerable to cross-site scripting
p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected p++BBS...
JVN#18889193: Apache Cordova vulnerable to improper application of whitelist restrictions
Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. Android applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Impact Accessing a specially crafted URL...
JVN#27462572: AjaXplorer vulnerable to directory traversal
AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact An authenticated attacker may view files on the server. Solution Use Pydio The developer states that the development of AjaXplorer has been discontinued and there are no...
JVN#69175956: Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting
Photo Gallery CMS for PC, smartphone and feature phone Free provided by PHP Kobo contains a cross-site scripting CWE-79 vulnerability in admin.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Replace admin.php with a new version according to...
JVN#77386811: Explorer+ File Manager vulnerable to directory traversal
Explorer+ File Manager provided by Droidware UK contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...
JVN#51176150: ZenPhoto20 vulnerable to cross-site scripting
ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#41281927: LINE vulnerable to script injection
LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker. Impac...
JVN#09871547: Maroyaka Image Album vulnerable to cross-site scripting
Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...
JVN#62298871: KENT-WEB Clip Board vulnerability where arbitary files may be deleted
Clip Board provided by KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. KENT-WEB Clip Board contains a vulnerability that may allow a remote attacker to delete arbitrary files. Impact A remote attacker may delete arbitrary files on the server...
JVN#55365709: AL-Mail32 vulnerable to denial-of-service (DoS)
AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a denial-of-service DoS vulnerability due to a flaw in processing attachments. Impact Processing an attachment with a specially crafted file name may cause the software to become unresponsive. Solution Upda...
JVN#96155055: PerlTreeBBS vulnerable to cross-site scripting
PerlTreeBBS from Homepage Decorator is a tree-structured bulletin board software. PerlTreeBBS contains a persistent cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according ...
JVN#14691234: Multiple Cybozu products vulnerable to buffer overflow
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#63587560: Huawei E5332 vulnerable to denial-of-service (DoS)
Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which lead to the device rebooting. Impact An attacker that can send requests to the device may cause the device to become...
JVN#80310172: Piwigo vulnerable to cross-site scripting
Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled. Impact When a user views a specially crafted image, arbitrary JavaScript may be execute...
JVN#36028879: Meridian vulnerable to cross-site scripting
Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...
JVN#93004610: Redmine vulnerable to open redirect
Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter. Impact A user who logs into Redmine may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Upda...
JVN#14282890: Silex vulnerable to cross-site scripting
Silex is a software to build websites. Silex contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected Silex...
JVN#81706478: Cybozu Garoon Keitai vulnerable to authentication bypass
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may be bypasse...
JVN#03082733: D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
DWL-2100AP provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in SSH implementation. Impact A user who can login with SSH may cause the product to reboot. Solution Update the Firmware Update the firmware to version R252JP-RC572 or later according to the...
JVN#79301570: Angel Browser vulnerable in the WebView class
Angel Browser is a web browser for Android devices. Angel Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Update to...
JVN#99813183: Galapagos Browser vulnerable in the WebView class
Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Do not use Galapagos...
JVN#23465354: MosP kintai kanri fails to restrict access permissions
MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an issue where access permissions are not restricted. Impact A user's information may be obtained by another user with a MosP kintai kanri account. Solution Update the software Update to the latest...
JVN#01598734: GoodReader vulnerable to cross-site scripting
GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Impact When GoodReader is used through a web browser, an arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
The hash table implementation in Ruby contains an issue, where it may intentionally create a series of strings whose hash values collide. As a result, a denial-of-service DoS attack may be conducted. Impact When processing a series of specially crafted strings, a denial-of-service DoS may occur...
JVN#29083866: Segue vulnerable to cross-site scripting
Segue is a content management system. Segue contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Segue Segue services will no longer be available after August 31, 2012. Refer to the information provided by the...
JVN#63941302: WEB MART from KENT-WEB vulnerable to cross-site scripting
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
JVN#63249231: Cogent DataHub vulnerable to HTTP header injection
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Impact If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on th...
JVN#34980730: A-Form vulnerable in restricting access
A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not have administrative privileges. Solution Update the Software Update to the late...
JVN#16617002: BaserCMS vulnerable to access restriction
BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Impact Users without administrative privileges may obtain administrative...
JVN#28973089: SemanticScuttle vulnerable to cross-site scripting
SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
JVN#43105011: Android vulnerability where an incorrect SSL certificate is displayed
Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site. Impact An attacker may trick the user into believing the site being visited is safe, which may...
JVN#17844633: XnView may insecurely load executable files
XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...
JVN#01547302: ALZip vulnerable to buffer overflow
ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact When opening a specially crafted file, arbitrary code may be executed. Solution Re-install the software Download ALZip 8.21 after...
JVN#29212182: Java Web Start may insecurely load policy files
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load policy files. Impact An attacker may execute arbitrary code with the...
JVN#45658190: Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...
JVN#99977321: Picasa may insecurely load executable files
Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the runni...
JVN#85821104 Active! mail 2003 session ID disclosure vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...
JVN#33822756 Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by...
JVN#20478978 Site Calendar 'mycaljp' vulnerable to cross-site scripting
Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...
JVN#21388501 ColdFusion vulnerable to cross-site scripting
ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the...
JVN#43233160 Cross-site scripting vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on certain web browsers. Solution Update the software Update to the latest version according to the information provid...
JVN#33846134 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of...