5625 matches found
Demaecan for Android. contains an issue where it fails to verify SSL server certificates
Overview Demaecan for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...
AutoCAD vulnerable to arbitrary VBScript execution
Overview AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. kaito834 reported this vulnerability to...
Sanshiro Series vulnerable to arbitrary code execution
Overview The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the...
Security File Manager vulnerable to directory traversal
Overview Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
tetra filer vulnerable to directory traversal
Overview tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
HP Autonomy Ultraseek vulnerable to cross-site scripting
Overview HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
Cybozu Garoon Keitai vulnerable to authentication bypass
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may b...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection. Impact A user who can log in to the system may alter information stored in the database. Solution Apply the Patch Apply the appropria...
Juniper ScreenOS vulnerable to denial-of-service (DoS)
Overview ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When processing a malicious packe...
D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
Overview DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the Web manager function. Note that this vulnerability is different from JVN65312543. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error messages, which may lead to cross-site scripting. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
Overview DES-3810 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Oracle Outside In vulnerable to buffer overflow
Overview Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CLIP-MAIL vulnerable to cross-site scripting
Overview CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
EC-CUBE vulnerable to code injection
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
Cybozu Live for Android vulnerable in the WebView class
Overview Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...
Cybozu Live for Android vulnerable to arbitrary Java method execution
Overview Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Gaku Mochizuki of Mitsui Bussan Secure Directions,...
Sleipnir Mobile for Android vulnerable to address bar spoofing
Overview Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
Sleipnir Mobile for Android loads arbitrary Extension API
Overview Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API. Sleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API. Keita Haga of...
Sleipnir for Windows vulnerable to address bar spoofing
Overview Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Active! mail vulnerable to information disclosure
Overview Active! mail contains an information disclosure vulnerability. Active! mail provided by TransWARE is a webmail software. Active! mail contains an information disclosure vulnerability. Mitsuru Ogino of Sugiyama Jogakuen reported this vulnerability to IPA. JPCERT/CC coordinated with the...
VxWorks Web Server vulnerable to denial-of-service (DoS)
Overview The VxWorks Web Server contains a denial-of-service vulnerability. The VxWorks Web Server contains a denial-of-service DoS vulnerability. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Hisashi Kojima and Masahiro Nakada of...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima...
dopvCOMET* vulnerable to cross-site scripting
Overview dopvCOMET provided by bayashi.net is a software to analyze web access logs. dopvCOMET contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
NEC Universal RAID Utility fails to restrict access permissions
Overview NEC Universal RAID Utility contains an issue where access permissions are not restricted. NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted. SAKURA Internet Inc. reported this...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
concrete5 vulnerable to cross-site scripting
Overview concrete5 contains a cross-site scripting vulnerability. concrete5 is an open source content management system CMS. concrete5 contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Loctouch for Android information management vulnerability
Overview Loctouch for Android contains an information management vulnerability. Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...
WikkaWiki vulnerable to cross-site scripting
Overview WikkaWiki contains a cross-site scripting vulnerability. WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Welcart vulnerable to cross-site scripting
Overview Welcart contains a cross-site scripting vulnerability. Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IPA. JPCERT/CC...
Denial of Service (DoS) Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability that could allow a remote attacker to cause a denial of service DoS condition. Impact A remote attacker could cause a denial of service DoS condition. Solution Please refer to the...
Hitachi Device Manager Software Denial of Service (DoS) Vulnerability
Overview Hitachi Device Manager Software HDvM contains a denial of service abend vulnerability when receiving a large amount of data at once. If HDvM exits abnormally, users will be able to resume using the software by restarting the HDvM service or daemon. Impact A remote attacker could cause a...
BIGACE vulnerable to session fixation
Overview BIGACE contains a session fixation vulnerability. BIGACE is a content management system CMS. BIGACE contains a session fixation vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
BeZIP vulnerable to directory traversal
Overview BeZIP contains a directory traversal vulnerability. BeZIP provided by Be Graph Co.,Ltd. is a file compression/extraction software supporting ZIP and LZH formats. BeZIP contains a directory traversal vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this...
Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP
Overview Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities. FTP Bounce Attack in PASV mode Buffer overflow at file transmission Defect of the account information check in user authentication Impact A remote attacker could access arbitrary files in system. Solution Please...
Pebble vulnerable to HTTP header injection
Overview Pebble contains an HTTP header injection vulnerability. Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Takahisa Kishiya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Pebble vulnerability where entries may become unviewable
Overview Pebble contains a vulnerability where blog entries may become unviewable due to a specially crafted comment being posted. Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability wher...
MosP kintai kanri vulnerable to authentication bypass
Overview MosP kintai kanri contains an authentication bypass vulnerability. MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
MosP kintai kanri fails to restrict access permissions
Overview MosP kintai kanri contains an issue where access permissions are not restricted. MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an issue where access permissions are not restricted. Masako Ohno reported this vulnerability to IPA. JPCERT/CC...
MyWebSearch vulnerable to cross-site scripting
Overview MyWebSearch contains a cross-site scripting vulnerability. MyWebSearch is a CGI script for searching within a website. MyWebSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to t...
jigbrowser+ for Android vulnerable in the WebView class
Overview jigbrowser+ for Android contains a vulnerability in the WebView class. jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/...
Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service
Overview Email Anti-virus formerly WebShield SMTP provided by McAfee Co., Ltd. contains a denial-of-service DoS vulnerability. Email Anti-virus formerly WebShield SMTP provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus formerly WebShield SMTP contains a...
YY-BOARD vulnerable to cross-site scripting
Overview YY-BOARD contains a cross-site scripting vulnerability. YY-BOARD is a bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with...
Zenphoto vulnerable to cross-site scripting
Overview Zenphoto contains a cross-site scripting vulnerability. Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
Flash Player issue in implementations of the Same Origin Policy
Overview Flash Player contains an issue in implementations of the Same Origin Policy. SoundMixer.computeSpectrum method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA. JPCERT/...
SEIL series fail to restrict access permissions
Overview SEIL series contain an issue where access permissions are not restricted. SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted. Impact An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL...
Logitec LAN-W300N/R series fails to restrict access permissions
Overview Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. Jin Sawada, Keisuke Okazaki, Naoto Katsumi of Security...
WEB MART from KENT-WEB vulnerable to cross-site scripting
Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secu...
Arbitrary Code Execution Vulnerability in Hitachi COBOL GUI Option on Windows
Overview Hitachi COBOL GUI Option on Windows contains a vulnerability where arbitrary code may be executed. This problem does not occur when only the following runtime products are solely used. COBOL GUI Option Run Time System Version 6 COBOL GUI Option Server Run Time System Version 6 COBOL GUI...