5625 matches found
Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP
Overview Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities. FTP Bounce Attack in PASV mode Buffer overflow at file transmission Defect of the account information check in user authentication Impact A remote attacker could access arbitrary files in system. Solution Please...
Pebble vulnerable to HTTP header injection
Overview Pebble contains an HTTP header injection vulnerability. Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Takahisa Kishiya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Pebble vulnerability where entries may become unviewable
Overview Pebble contains a vulnerability where blog entries may become unviewable due to a specially crafted comment being posted. Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability wher...
MosP kintai kanri vulnerable to authentication bypass
Overview MosP kintai kanri contains an authentication bypass vulnerability. MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
MosP kintai kanri fails to restrict access permissions
Overview MosP kintai kanri contains an issue where access permissions are not restricted. MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an issue where access permissions are not restricted. Masako Ohno reported this vulnerability to IPA. JPCERT/CC...
MyWebSearch vulnerable to cross-site scripting
Overview MyWebSearch contains a cross-site scripting vulnerability. MyWebSearch is a CGI script for searching within a website. MyWebSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to t...
jigbrowser+ for Android vulnerable in the WebView class
Overview jigbrowser+ for Android contains a vulnerability in the WebView class. jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/...
Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service
Overview Email Anti-virus formerly WebShield SMTP provided by McAfee Co., Ltd. contains a denial-of-service DoS vulnerability. Email Anti-virus formerly WebShield SMTP provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus formerly WebShield SMTP contains a...
Yahoo! Browser vulnerable in the WebView class
Overview Yahoo! Browser contains a vulnerability in the WebView class. Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...
Zenphoto vulnerable to cross-site scripting
Overview Zenphoto contains a cross-site scripting vulnerability. Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
Flash Player issue in implementations of the Same Origin Policy
Overview Flash Player contains an issue in implementations of the Same Origin Policy. SoundMixer.computeSpectrum method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA. JPCERT/...
SEIL series fail to restrict access permissions
Overview SEIL series contain an issue where access permissions are not restricted. SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted. Impact An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL...
Sybase EAServer vulnerable to cross-site scripting
Overview EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
baserCMS vulnerable to session management
Overview baserCMS contains a vulnerability in session management. baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability in session management. Impact If a web server is hosting several websites, and baserCMS are installed on the respective websites, an...
WEB MART from KENT-WEB vulnerable to cross-site scripting
Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secu...
Arbitrary Code Execution Vulnerability in Hitachi COBOL GUI Option on Windows
Overview Hitachi COBOL GUI Option on Windows contains a vulnerability where arbitrary code may be executed. This problem does not occur when only the following runtime products are solely used. COBOL GUI Option Run Time System Version 6 COBOL GUI Option Server Run Time System Version 6 COBOL GUI...
OSQA vulnerable to cross-site scripting
Overview OSQA The Open Source Q system contains a cross-site scripting vulnerability. OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
Multiple JustSystems products may insecurely load dynamic libraries
Overview Multiple JustSystems products may use unsafe methods for determining how to load DLL's. Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA...
Vulnerability in Fujitsu Interstage List Works Where Permissions Cannot Be Denied
Overview Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on th...
twicca fails to restrict access permissions
Overview twicca contains an issue where access permissions are not restricted. twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each produ...
Apache Struts 2 vulnerable to an arbitrary Java method execution
Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...
Pocket WiFi (GP02) vulnerable to cross-site request forgery
Overview Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Pocket WiFi GP02 provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA...
Arbitrary Code Execution Vulnerability in Hitachi COBOL2002
Overview Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite contain a vulnerability where arbitrary code may be executed. Impact A remote attacker could execute arbitrary code via unknown attack vectors. Solution Please refer to the 'Vendor Information' section for the offici...
Hitachi IT Operations Director Cross-Site Scripting Vulnerability
Overview Hitachi IT Operations Director contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Hitachi IT Operations Analyzer Cross-Site Scripting Vulnerability
Overview Hitachi IT Operations Analyzer contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
osCommerce Japanese version vulnerable to cross-site scripting
Overview osCommerce Japanese version contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this...
osCommerce vulnerable to directory traversal
Overview osCommerce contains a directory traversal vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to...
Oracle WebLogic Server vulnerable to cross-site scripting
Overview Oracle WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Minetoshi Takizawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
An authentication information Exposure Vulnerability in JP1/IT Resource Management - Manager
Overview An authentication information exposure vulnerability was found in JP1/IT Resource Management - Manager. Impact An authentication information might be exposured. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Movable Type Plugin MailForm vulnerable to cross-site scripting
Overview MailForm contains a cross-site scripting vulnerability. MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
PukiWiki Plus! vulnerable to cross-site scripting
Overview PukiWiki Plus! contains a cross-site scripting vulnerability. PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Koki Nakayasu of Keiji Takeda Lab, Keio...
Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK
Overview Products that use the Preboot Execution Environment PXE SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories...
Opengear console servers vulnerable to authentication bypass
Overview Opengear console servers contains an authentication bypass vulnerability. Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Tadayoshi Nakahira reported this vulnerability to IPA. JPCERT/CC...
Safari for iOS vulnerable to cross-site scripting
Overview Safari for iOS provided by Apple contains a cross-site scripting vulnerability. Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc...
DBD::mysqlPP vulnerable to SQL injection
Overview DBD::mysqlPP contains a SQL injection vulnerability. DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
DAEMON Tools vulnerable to denial-of-service
Overview DAEMON Tools contains a denial-of-service DoS vulnerability. DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service DoS vulnerability. Satoshi Tanda of Fourteenforty Research Institute Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...
Plume vulnerable to cross-site scripting
Overview Plume contains a cross-site scripting vulnerability. Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
SemanticScuttle vulnerable to cross-site scripting
Overview SemanticScuttle contains a cross-site scripting vulnerability. SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Megalith vulnerable to authentication bypass
Overview Megalith contains an authentication bypass vulnerability. Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to...
Juniper Networks IDP ACM vulnerable to cross-site scripting
Overview Juniper Networks IDP ACM Appliance Configuration Manager contains a cross-site scripting vulnerability. Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Lt...
Sage vulnerable to arbitrary script execution
Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN99203127. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...
WebsiteBaker vulnerable to cross-site scripting
Overview WebsiteBaker contains a cross-site scripting vulnerability. WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Aipo vulnerable to cross-site request forgery
Overview Aipo contains a cross-site request forgery vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated...
Arbitrary Code Execution Vulnerability in HiRDB Control Manager
Overview HiRDB Control Manager - Agent contains a vulnerability that could allow a remote attacker to execute arbitrary code when it receives an unexpected, invalid request. Impact A remote attacker could execute arbitrary code via an unexpected, invalid request. Solution Please refer to the...
Mozilla Firefox vulnerable to cross-site scripting
Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
Mozilla Firefox vulnerable to denial-of-service (DoS)
Overview Mozilla Firefox contains a denial-of-service DoS vulnerability. Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported...
Plone vulnerable to cross-site scripting
Overview Plone contains a cross-site scripting vulnerability. Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting...
Clipboard contents alteration vulnerability in Internet Explorer
Overview Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the...