5625 matches found
OS command injection vulnerability in multiple FUJITSU Android devices
Overview Multiple FUJITSU Android devices contain an OS command injection vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker with local access may obtain...
Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
Overview The Syslink driver for OMAP mobile processors contained in Android devices contain mulitple improper data validation vulerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The PPP Access Concentrator PPPAC and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets CWE-119. Note that this vulnerability is different from JVN21907573...
FAST/TOOLS vulnerable to improper restriction of XML external entity references
Overview FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC coordinate...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. For more information, please refer to the developer's website...
OpenAM vulnerable to denial-of-service (DoS)
Overview OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Yasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC...
SumaHo for Android fails to verify SSL/TLS server certificates
Overview SumaHo for Android fails to verify SSL/TLS server certificates. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an...
Aflax vulnerable to cross-site scripting
Overview Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...
Safari issue in handling application cache
Overview Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on. Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...
Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Overview Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN. JPCERT/CC coordinated with Yahoo Japan...
SLFileManager for Android vulnerable to directory traversal
Overview SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Bump for Android vulnerable in handling of implicit intents
Overview Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Help Page in multiple Adobe products vulnerable to cross-site scripting
Overview The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...
Advance-Flow vulnerable to SQL injection
Overview Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
Cakifo vulnerable to cross-site scripting
Overview Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on...
Piwigo vulnerable to cross-site scripting
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Piwigo vulnerable to cross-site scripting
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
ServerView Operations Manager vulnerable to cross-site scripting
Overview ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
acmailer contains a cross-site request forgery vulnerability
Overview Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a...
Cybozu Garoon vulnerable to access restriction bypass
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to...
Cybozu Garoon vulnerable to cross-site scritping
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution...
SX-2000WG vulnerable to denial-of-service (DoS)
Overview SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of TCP Option header, which may cause a denial-of-service DoS. Note that this vulnerabili...
RockDisk vulnerable to cross-site scripting
Overview RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
Web Kyukincho vulnerable to cross-site request forgery
Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC m...
Xml eXternal Entity Vulnerability in XML link function of Hitachi COBOL2002
Overview XML link function of Hitachi COBOL2002 contains vulnerabilities to conduct information leakage or cause a denial of service DoS condition. Impact A remote attacker could conduct information leakage or cause a denial of service DoS condition via untrusted XML document loading unexpected...
Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option
Overview Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option contains cross-site scripting and cross-site request forgery CSRF vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products. Impact A remote attackers could insert to malicious...
SOY CMS vulnerable to cross-site scripting
Overview SOY CMS contains a cross-site scripting vulnerability. SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is an open source content management system CMS. SOY CMS contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated...
Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
Overview Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service DoS vulnerability. Impact An attacker may cause a denial-of-service on a server that is...
Cybozu Remote Service Manager vulnerable to session fixation
Overview Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As...
SD Card Manager vulnerable to directory traversal
Overview SD Card Manager provided by apps4u@android contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
sp mode mail vulnerability where Java methods may be executed
Overview sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Hironori Tokuta reported this vulnerability to IPA. JPCERT/CC coordinated wi...
sp mode mail issue where emails in the process of creation may be accessed
Overview sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Androi...
Cybozu Garoon vulnerable to directory traversal
Overview Cybozu Garoon contains a directory traversal vulnerability. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server...
Denny's App for Android. contains an issue where it fails to verify SSL server certificates
Overview Denny's App for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...
Norman Security Suite vulnerable to privilege escalation
Overview Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability. Satoshi Tanda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker with...
AutoCAD may insecurely load dynamic libraries
Overview AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Overview Apache Commons FileUpload contains a denial-of-service DoS vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool ...
Opera browser for Android issue in handling intent scheme URL's
Overview Opera browser for Android contains an issue in the handling of intent scheme URL's. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a use...
Joyful Note vulnerable to cross-site scripting
Overview Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the lates...
NeoFiler vulnerable to directory traversal
Overview NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Security File Manager vulnerable to directory traversal
Overview Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
IrfanView vulnerable to buffer overflow
Overview IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA...
Cybozu Garoon vulnerable to session fixation
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the...
Cybozu Garoon vulnerable to mail header injection
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered...
Cybozu Garoon vulnerable to denial-of-service (DoS)
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact A denial-of-service DoS attack via Garoon 3 Keitai may cause high CPU usage on the server. Solution Update the Software Update to the latest version according to th...
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
Overview KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates. Yamano Yasuaki of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-mindd...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. For more information, please refer to the developer's website...
Tiki Wiki CMS Groupware vulnerable to cross-site scripting
Overview Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
SEIL Series routers vulnerable in RADIUS authentication
Overview SEIL Series routers contain a vulnerability in RADIUS authentication. The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated...