5625 matches found
DAEMON Tools vulnerable to denial-of-service
Overview DAEMON Tools contains a denial-of-service DoS vulnerability. DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service DoS vulnerability. Satoshi Tanda of Fourteenforty Research Institute Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...
Plume vulnerable to cross-site scripting
Overview Plume contains a cross-site scripting vulnerability. Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
SemanticScuttle vulnerable to cross-site scripting
Overview SemanticScuttle contains a cross-site scripting vulnerability. SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Megalith vulnerable to authentication bypass
Overview Megalith contains an authentication bypass vulnerability. Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to...
Juniper Networks IDP ACM vulnerable to cross-site scripting
Overview Juniper Networks IDP ACM Appliance Configuration Manager contains a cross-site scripting vulnerability. Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Lt...
Sage vulnerable to arbitrary script execution
Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN99203127. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...
WebsiteBaker vulnerable to cross-site scripting
Overview WebsiteBaker contains a cross-site scripting vulnerability. WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Aipo vulnerable to cross-site request forgery
Overview Aipo contains a cross-site request forgery vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated...
Arbitrary Code Execution Vulnerability in HiRDB Control Manager
Overview HiRDB Control Manager - Agent contains a vulnerability that could allow a remote attacker to execute arbitrary code when it receives an unexpected, invalid request. Impact A remote attacker could execute arbitrary code via an unexpected, invalid request. Solution Please refer to the...
Mozilla Firefox vulnerable to cross-site scripting
Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
Mozilla Firefox vulnerable to denial-of-service (DoS)
Overview Mozilla Firefox contains a denial-of-service DoS vulnerability. Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported...
Plone vulnerable to cross-site scripting
Overview Plone contains a cross-site scripting vulnerability. Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting...
Internet Explorer vulnerable to cross-site scripting
Overview Internet Explorer contains a cross-site scripting vulnerability. Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
Clipboard contents alteration vulnerability in Internet Explorer
Overview Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Takesh...
La Fonera+ vulnerable to denial-of-service (DoS)
Overview La Fonera+ provided by FON contains a denial-of-service DoS vulnerability. La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service DoS vulnerability. Impact An attacker who can communicate with La Fonera+ directly may cause a denial-of-service DoS...
IBM Tivoli vulnerable to denial-of-service (DoS)
Overview IBM Tivoli contains a denial-of-service DoS vulnerability. IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. A wide range of products are affected. For more information, refer to the vendor's website. Impact A remote attacker may...
IBM DB2 vulnerable to denial-of-service (DoS)
Overview IBM DB2 contains a denial-of-service DoS vulnerability. IBM DB2 contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact An attacker that can create or execute stored procedures may cause a denial-of-service DoS. Solution Apply a workaround...
IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
Overview IBM WebSphere Application Server WAS contains a denial-of-service DoS vulnerability. IBM WebSphere Application Server contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. According to the developer: " For other IBM software products that contain...
F-Secure Internet Gatekeeper for Linux authentication issue
Overview F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation contains an issue where authentication is not present. F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation is an anti-virus product. F-Secure Internet Gatekeeper for Linux contains an issue where...
MODx Evolution vulnerable to SQL injection
Overview MODx Evolution contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx Evolution contains SQL injection vulnerability. Impact A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution...
Lunascape may insecurely load dynamic libraries
Overview Lunascape may use unsafe methods for determining how to load DLLs. Lunascape is a web browser. Lunascape loads certain DLL's when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported...
Cross-site scripting vulnerability in multiple Rocomotion products
Overview Multiple products provided by Rocomotion contain a cross-site scripting vulnerablility. Multiple products P board etc. provided by Rocomotion contain a cross-site scripting vulnerablility. Saeki Tominaga of KINOTROPE INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Access Control Security Bypass Vulnerability in Interstage Application Server
Overview Interstage Application Server has an access control security bypass vulnerability which could allow an attacker to access and execute a request from the IP address that should be denied. Impact A remote attacker could access and execute a request from the IP address that should be denied...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined. Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. For more information, refer to the information...
Interstage Application Server Information Disclosure Vulnerability
Overview Interstage Application Server has an information disclosure vulnerability when used in a J2EE environment. Impact By taking the specific steps, a remote attacker could access the files and directories in the server to which J2EE applications are deployed, and the confidential information...
GVim may insecurely load dynamic libraries
Overview GVim may use unsafe methods for determining how to load DLLs. GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this vulnerability t...
Active! mail 6 vulnerable to HTTP header injection
Overview Active! mail 6 from TransWARE Co. contains a HTTP header injection vulnerability. Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA...
Sleipnir and Grani may insecurely load executable files
Overview Sleipnir and Grani may use unsafe methods for determining how to load executables .exe. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain ...
Lhaplus may insecurely load dynamic libraries
Overview Lhaplus may use unsafe methods for determining how to load DLLs. Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely...
JP1/NETM/Remote Control Agent Authentication Bypass Vulnerability
Overview A vulnerability in the file transfer feature in the JP1/NETM/Remote Control Agent may allow authentication bypass. Impact A remote attacker could manipulate arbitrary files on the system installed with the Remote Control Agent. Solution ease refer to the 'Vendor Information' section for...
Denial of Service (DoS) Vulnerability in JP1/AJS Built-in Database
Overview A Built-in database used by JP1/Automatic Job Management System 3 JP1/AJS3 - Manager and JP1/Automatic Job Management System 2 JP1/AJS2 - Manager contains a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. As a result, Job operations of...
e-Pares vulnerable to session fixation
Overview e-Pares contains a session fixation vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a session fixation vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web application...
Interstage Application Server vulnerable in request processing
Overview The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests are not processed properly. The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certa...
Multiple Cybozu products vulnerable to authentication bypass
Overview Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of ...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Fo...
ATOK screen lock bypass vulnerability
Overview ATOK from JustSystems Corporation contains a screen lock bypass vulnerability. ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass...
tDiary plugin tb-send.rb vulnerable to cross-site scripting
Overview tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability. Project VEX of UBsecure, Inc...
WebCalenderC3 vulnerable to directory traversal
Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
SEIL/B1 authentication issue
Overview SEIL/B1 contains an issue in the implementation of the PPP Access Concentrator PPPAC function, which may allow replay attacks to be performed during the authentication process. The PPP Access Concentrator PPPAC function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2...
EC-CUBE information disclosure vulnerability
Overview EC-CUBE from LOCKON CO.,LTD. contains an information disclosure vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that...
Roundcube Webmail vulnerable to cross-site request forgery
Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site requesst forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...
Site Calendar 'mycaljp' vulnerable to cross-site scripting
Overview Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. The affected plugin is also contained...
Hitachi Web Server Vulnerability in SSL Client Authentication
Overview Hitachi Web Server contains a vulnerability in handling SSL client certificates, which could allow an attacker to manipulate environment variables and/or spoof the client to access Web servers. Impact An attacker could manipulate environment variables and/or spoof the client to access We...
PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting
Overview PHP-I-BOARD from Let's PHP! contains a cross-site scripting vulnerability. PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Movable Type access restriction bypass vulnerability
Overview Movable Type contains an access restriction bypass vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. A successful attack requires mt-wizard.cgi not to be deleted after initial setup. For...
Buffer overflow vulnerability in Microsoft Works converters
Overview Microsoft Works converters contain a buffer overflow vulnerability. Microsoft Works converters contain a buffer overflow vulnerability when processing Works .wps files. The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for June 2009. For...
Cross-site scripting vulnerability in leger (free edition)
Overview leger free edition from 'AD2000' contains a cross-site scripting vulnerability. leger free edition from 'AD2000' is a software to manage conference room reservations. leger free edition contains a cross-site scripting vulnerability. The vendor has reported that Ver. 1.6.4 released on May...
Trees from CGI RESCUE vulnerable to cross-site scripting
Overview Trees from CGI RESCUE contains a cross-site scripting vulnerability Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...