5625 matches found
FileMaker Pro vulnerable to cross-site scripting
Overview FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the...
Sleipnir Mobile for Android vulnerable to address bar spoofing
Overview Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
Yahoo! Browser vulnerable to address bar spoofing
Overview Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Cross-site scripting vulnerability in the web2py social bookmarking widget
Overview The social bookmarking widget share.js in web2py contains a cross-site scripting vulnerability. web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability. Yuji Kosuga of Everforth Co., Ltd...
Yahoo! Browser vulnerable to address bar spoofing
Overview Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact This...
ArtIME Japanese Input vulnerable to information disclosure
Overview ArtIME Japanese Input contains an issue in the access permissions for the certain files. ArtIME Japanese Input is a Japanese Input Method Editor IME for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Buss...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories...
Multiple Cisco products vulnerable to denial-of-service (DoS)
Overview The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Multiple JustSystems products vulnerable to arbitrary code execution
Overview Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution. For more information, refer to the information provided by the developer. Impact Opening a file may cause arbitrary code to be executed with the privilege of the running...
3DM (3ware Disk Manager) vulnerable to directory traversal
Overview 3DM 3ware Disk Manager contains a directory traversal vulnerability. 3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. yamaguchi tsuyoshi of Digiplate.inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
GREE for Android vulnerable to directory traversal
Overview GREE for Android contains a directory traversal vulnerability. GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
Documents Pro (formerly Files HD) vulnerable to cross-site scripting
Overview Documents Pro provided by Olive Toast Software Ltd. contains a cross-site scripting vulnerability. Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. report...
Multiple Android devices vulnerable to denial-of-service (DoS)
Overview Multiple Android devices contains a denial-of-service DoS vulnerability. Multiple Android devices contain an issue when referencing specific system area, which may lead to a denial-of-service DoS. Tsukasa Oi of Fourteenforty Research Institue, Inc. reported this vulnerability to IPA...
Opera address bar spoofing vulnerability
Overview Opera contains a vulnerability where the URL displayed in the address bar may be spoofed. Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other. Masahiro Yamada reported this...
Adobe Reader fails to properly handle signatures
Overview Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Cross-site Scripting Vulnerability in JP1/Integrated Management - Service Support
Overview A cross-site scripting vulnerability was found in JP1/Integrated Management - Service Support. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
Multiple web browsers vulnerable in processing Tranfer-Encoding header
Overview Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as ...
YY-BOARD vulnerable to cross-site scripting
Overview YY-BOARD contains a cross-site scripting vulnerability. YY-BOARD is a bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with...
SmallPICT vulnerable to cross-site scripting
Overview SmallPICT contains a cross-site scripting vulnerability. SmallPICT is a bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
@WEB ShoppingCart vulnerable to cross-site scripting
Overview @WEB ShoppingCart contains a cross-site scripting vulnerability. @WEB ShoppingCart provided by WEBLOGIC CORPORATION. is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Labo.,Inc reported this...
Logitec LAN-W300N/R series fails to restrict access permissions
Overview Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. Jin Sawada, Keisuke Okazaki, Naoto Katsumi of Security...
iLunascape for Android vulnerable in the WebView class
Overview iLunascape for Android contains a vulnerability in the WebView class. iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
WEB MART from KENT-WEB vulnerable to cross-site scripting
Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Isayama Takayoshi ...
Dokodemo Rikunabi 2013 vulnerable to cross-site scripting
Overview Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences,Tohoku University reported this...
Janetter vulnerable to cross-site request forgery
Overview Janetter contains a cross-site request forgery vulnerability. Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA...
JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
Overview JP1/Cm2/Network Node Manager i NNMi contains vulnerabilities could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...
Jenkins vulnerable to cross-site scripting
Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration CI tool. Note that this vulnerability is different from JVN14791558. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
Overview The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...
ES File Explorer fails to restrict access permissions
Overview ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted. ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Shiongu of satoweb and...
Multiple COOKPAD applications for Android vulnerable in WebView class
Overview Multiple COOKPAD applications for Android contain a vulnerability in WebView class. Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Gaku Mochizuki of Mitsui Bussan...
PowerChute Business Edition vulnerable to cross-site scripting
Overview PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported th...
Nikki vulnerable to OS command injection
Overview Nikki from HP no Mawashimono contains an OS command injection vulnerability. Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Nikki vulnerable to directory traversal
Overview Nikki from HP no Mawashimono contains a directory traversal vulnerability. Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Iwate Portal Bar vulnerable to arbitrary script execution
Overview Iwate Portal Bar is vulnerable to arbitrary script execution. Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper...
Touhou Hisouten vulnerable to denial-of-service
Overview Touhou Hisouten from Twilight Frontier contains a denial-of-service DoS vulnerability. Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Yu...
FFFTP may insecurely load executable files
Overview FFFTP may use unsafe methods for determining how to load executables .exe FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC...
WEB FORUM vulnerable to cross-site scripting
Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure...
Sage vulnerable to arbitrary script execution
Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN30221194. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...
Windows URL Protocol Handler may insecurely load executable files
Overview Windows URL Protocol Handler may use unsafe methods for determining how to load executable .exe files. Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executab...
Google Search Appliance vulnerable to cross-site scripting
Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...
WeblyGo vulnerable to cross-site scripting
Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...
Microsoft MSXML vulnerability in HTTP request processing
Overview MSXML provided by Microsoft contains a vulnerability in the processing of HTTP requests. MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to...
Microsoft Outlook read receipt function vulnerability
Overview Microsoft Outlook contains a vulnerability in the read receipt function. Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Ayako Kozakai of NTT DATA SECURITY CORPORATION...
iVIEW Suite vulnerable to SQL injection
Overview iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to...
Multiple Buffalo routers vulnerable to cross-site request forgery
Overview Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management...
Password Vault Web Access vulnerable to cross-site scripting
Overview Password Vault Web Access PVWA provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerabilit...
Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability
Overview Hitachi Tuning Manager Software contains a cross-site scripting vulnerability. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Picasa may insecurely load executable files
Overview Picasa may use unsafe methods for determining how to load executables .exe Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load...