5627 matches found
Accela BizSearch Gateway Option for TeamWARE Spoofing Vulnerability
Overview Accela BizSearch Gateway Option for TeamWARE, when the TeamWARE Gateway and Single Sign-On are enabled, which allows remote attackers to spoof user accounts of TeamWARE Office under specified conditions. Impact A remote attacker could spoof user accounts of TeamWARE Office under specifie...
Loctouch for Android vulnerable in handling of implicit intents
Overview Loctouch for Android contains a vulnerability in the handling of implicit intents. Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
Boat Browser / Boat Browser Mini vulnerable in the WebView class
Overview Boat Browser and Boat Browser Mini contain an issue in the WebView class. Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
Overview ACCESS REPORT provided by KENT-WEB contains a cross-site scripting vulnerability. ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded int...
Multiple KYOCERA mobile devices may reboot during email reception
Overview Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will...
Pebble vulnerable to open redirect
Overview Pebble contains an open redirect vulnerability. Pebble is an open source weblog system. Pebble contains an open redirect vulnerability. Takahisa Kishiya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Trend Micro Control Manager vulnerable to SQL injection
Overview Trend Micro Control Manager contains a SQL injection vulnerability. Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC. JPCERT/CC...
KUNAI Browser for Remote Service beta vulnerable in the WebView class
Overview KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. KUNAI Browser for Remote Service beta is an Android browser software for using Cybozu. KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. Impact When there is a maliciou...
Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
Overview Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker...
Cybozu Live for Android vulnerable in the WebView class
Overview Cybozu Live for Android contains a vulnerability in the WebView class. Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability ...
Cybozu Live for Android vulnerable to arbitrary Java method execution
Overview Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
Sleipnir Mobile for Android vulnerable to arbitrary script execution
Overview Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Overview Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Direction...
LINE for Android vulnerable in handling of implicit intents
Overview LINE for Android contains a vulnerability in the handling of implicit intents. LINE for Android provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
Overview Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered. Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Keita Haga of keitahaga.com reported this vulnerability to...
Sleipnir Mobile for Android vulnerable in the WebView class
Overview Sleipnir Mobile for Android contains a vulnerability in the WebView class. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
Yome Collection for Android issue in management of IMEI
Overview Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity IMEI on a SD card. Applications without the READPHONESTATE permission may obtain the IMEI from the SD card. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University...
Dolphin Browser vulnerable in the WebView class
Overview Dolphin Browser contains a vulnerability in the WebView class. Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
FeedDemon vulnerable to arbitrary script execution
Overview FeedDemon is vulnerable to arbitrary script execution. FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Daiki Fukumori of Cybe...
WordPress plugin WassUp vulnerable to cross-site scripting
Overview The WordPress plugin WassUp contains a cross-site scripting vulnerability. WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
Overview Puella Magi Madoka Magica iP for Android contains an information disclosure vulnerability. Puella Magi Madoka Magica iP for Android has a function to link with a Twitter account. Puella Magi Madoka Magica iP for Android contains an issue where Twitter account credentials entered by a use...
Segue vulnerable to cross-site scripting
Overview Segue contains a cross-site scripting vulnerability. Segue is a content management system. Segue contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
TwitRocker2 (Android version) vulnerable in the WebView class
Overview TwitRocker2 Android version contains a vulnerability in the WebView class. TwitRocker2 is a client software for using twitter. TwitRocker2 Android version contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
SENCHA SNS vulnerable to cross-site request forgery
Overview SENCHA SNS contains a cross-site request forgery vulnerability. SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
Movable Type vulnerable to cross-site request forgery
Overview Movable Type contains a cross-site request forgery vulnerability. Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or...
glucose 2 vulnerable to arbitrary script execution
Overview glucose 2 is vulnerable to arbitrary script execution. glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
Cogent DataHub vulnerable to HTTP header injection
Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology...
phpWebSite vulnerable to cross-site scripting
Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Multiple SKYARC System Co., Ltd. products fail to restrict access permissions
Overview Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the...
Safari for iOS vulnerable to cross-site scripting
Overview Safari for iOS provided by Apple contains a cross-site scripting vulnerability. Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc...
Pligg vulnerable to cross-site scripting
Overview Pligg contains a cross-site scripting vulnerability. Pligg is a Content Management System CMS. Pligg contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
Cybozu Office vulnerable in restricting access
Overview Cybozu Office contains a vulnerability in restricting access permissions. Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
BaserCMS vulnerable to access restriction
Overview BaserCMS contains a vulnerability in access restriction. BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Masako Ohn...
Multiple vulnerabilities in Phorum
Overview Phorum contains multiple vulnerabilities. Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Mozilla Firefox vulnerability in processing content-length header
Overview Mozilla Firefox contains a vulnerability in the processing of content-length header. Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a malicious website ...
Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office contains a cross-site scripting vulnerability. Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. The "Ichitaro" series word processing software, from...
Java Web Start may insecurely load dynamic libraries
Overview Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path...
EC-CUBE vulnerable to cross-site request forgery
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site request forgery vulnerability. EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Masako Oono reported this vulnerability to IP...
Opera may insecurely load executable files
Overview Opera may use unsafe methods for determining how to load executables .exe. Opera loads certain executables .exe when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reporte...
SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
Overview SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA...
Google Chrome information disclosure vulnerability
Overview Google Chrome contains an information disclosure vulnerability. Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
TeraPad may insecurely load dynamic libraries
Overview TeraPad may use unsafe methods for determining how to load DLLs. TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this...
Cisco Router and Security Device Manager vulnerable to cross-site scripting
Overview Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability...
XOOPS Cube Legacy cross-site scripting vulnerability
Overview XOOPS Cube Legacy from XOOPS Cube Project contains a cross-site scripting vulnerability. XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Lega...
JP1/Integrated Management Service Support Cross-Site Scripting Vulnerability
Overview JP1/Integrated Management Service Support is vulnerable to cross-site scripting due to failure to properly process requests. Impact An attacker could perform cross-site scripting attacks by embedding malicious scripts in a request. Solution Please refer to the 'Vendor Information' sectio...
BrightStor ARCserve and eTrust Antivirus Arbitrary Code Execution Vulnerability
Overview BrightStor ARCserve Backup and eTrust Antirus r7.1 have a problem in handling RPC requests and are vulnerable to arbitrary code execution. Impact A remote authenticated attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official...
Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability
Overview The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files. Impact A remote attacker could read or delete arbitrary files. Solution Please refer to the 'Vendor Information' section fo...
Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability
Overview The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling. Impact A remote attacker could execute arbitrary code by sending a long URI. Solution Please refer to the 'Vendor Information' section for the vendor...