5625 matches found
Windows URL Protocol Handler may insecurely load executable files
Overview Windows URL Protocol Handler may use unsafe methods for determining how to load executable .exe files. Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executab...
Google Search Appliance vulnerable to cross-site scripting
Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...
WeblyGo vulnerable to cross-site scripting
Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...
Microsoft MSXML vulnerability in HTTP request processing
Overview MSXML provided by Microsoft contains a vulnerability in the processing of HTTP requests. MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to...
Microsoft Outlook read receipt function vulnerability
Overview Microsoft Outlook contains a vulnerability in the read receipt function. Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Ayako Kozakai of NTT DATA SECURITY CORPORATION...
iVIEW Suite vulnerable to SQL injection
Overview iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to...
Multiple Buffalo routers vulnerable to cross-site request forgery
Overview Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management...
Password Vault Web Access vulnerable to cross-site scripting
Overview Password Vault Web Access PVWA provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerabilit...
Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability
Overview Hitachi Tuning Manager Software contains a cross-site scripting vulnerability. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Picasa may insecurely load executable files
Overview Picasa may use unsafe methods for determining how to load executables .exe Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load...
IBM Lotus vulnerable to denial-of-service (DoS)
Overview IBM Lotus product line contains a denial-of-service DoS vulnerability. IBM Lotus product line contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the...
Lunascape may insecurely load executable files
Overview Lunascape may use unsafe methods for determining how to load executables .exe. Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contain an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki...
SquirrelMail vulnerable to cross-site scripting
Overview SquirrelMail contains a cross-site scripting vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Yosuk...
EUR Form Client Arbitrary File Execution Vulnerability
Overview EUR Form Client has an arbitrary file execution vulnerability. Impact A remote attacker could execute arbitrary file on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
Vulnerability in Epson printer driver installer where access permissions are changed
Overview A vulnerability in printer driver installers provided by Epson cause access permissions to a certain folder on the system to be changed. When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. A...
Clipboard contents alteration vulnerability in Grani
Overview Grani contains a vulnerability in which the contents of the clipboard may be altered. Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the...
Clipboard contents alteration vulnerability in Sleipnir
Overview Sleipnir contains a vulnerability in which the contents of the clipboard may be altered. Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the conten...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from JVN01948274, and other issues that were previously published on JVN. Impact When opening a specially crafted file...
Sleipnir and Grani may insecurely load dynamic libraries
Overview Sleipnir and Grani may use unsafe methods for determining how to load DLLs. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurel...
Archive Decoder may insecurely load executable files
Overview Archive Decoder may use unsafe methods for determining how to load executables .exe. Archive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Makoto...
Explzh may insecurely load executable files
Overview Explzh may use unsafe methods for determining how to load executables .exe. Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may...
XacRett may insecurely load executable files
Overview XacRett may use unsafe methods for determining how to load executables .exe. XacRett is a file extraction software that supports many file formats. XacRett loads certain executables .exe when extracting files. XacRett contains an issue with the file search path, which may insecurely load...
Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server
Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains a cross-site request forgery vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Yoshihiro...
Phishing Vulnerability in Accela BizSearch Document View Window
Overview The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to: display a fraudulent web page over a legitimate web page steal cookies stored in browser place arbitrary cookies into browser Impact A remote attacker could...
Denial of Service (DoS) Vulnerability in Hitachi Storage Command Suite Built-in Database
Overview A built-in database in Hitachi Storage Command Suite HSCS abends upon receiving maliciously-crafted data intended to exploit its denial of service DoS vulnerability. As a result, HSCS may become not operational or shutdown, for example, making operations from the screen and access to the...
Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Overview Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI...
Denial of Service (DoS) Vulnerability in JP1/PAM
Overview A Built-in database in JP1/Performance Analysis - Manager and JP1/Performance Management - Analysis Manager JP1/PAM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the...
Denial of Service (DoS) Vulnerability in Cosminexus
Overview Cosminexus series products contain a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. After it abends, the service can be restarted by rebooting the system. Impact A remote attacker could cause a denial of service DoS condition. Solution...
moobbs2 vulnerable to cross-site scripting
Overview moobbs2 contains a cross-site scripting vulnerability. moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Winny BBS information processing vulnerability
Overview Winny contains a vulnerability in the processing of BBS information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Yuji Ukai of eEye Digital Security...
Multiple vulnerabilities in ActiveGeckoBrowser
Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability is different from JVN98467259. The "Ichitaro" series word processing software, from JustSystems Corporation contains a...
XMAP3 Arbitrary Code Execution Vulnerability
Overview An arbitrary code execution vulnerability exists in the system installed with XMAP3/Web, or it may experience unexpected shutdown of Internet Explorer. The same issues exist in the Web browser testing tool, a web system development feature that comes with XMAP3/NET and XMAP3/Enterprise...
CapsSuite Small Edition PatchMeister vulnerable to denial of service
Overview CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Servers or...
Accela BizSearch Access Control Bypass Vulnerability
Overview The local file seraching function in IntelligentSearch and Accela BizSearch is prone to an access control bypass vulnerability. Impact Users without permission can access restricted files on the local Windows machine via the BizSearch search results. Solution Please refer to the 'Vendor...
Compiere vulnerable to cross-site scripting
Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...
StartTLS not enabled in Hitachi Storage Command Suite products
Overview When a Hitachi Storage Command Suite product uses an LDAP directory server as the server to be used for external authentication, StartTLS won't be enabled even if it is specified as the connection protocol. Impact StartTLS won't be enabled even if it is specified as the connection...
Active! mail 2003 cookie disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which cookies may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Kenichi Maehashi of CIS RAT at Hosei Universi...
Active! mail 2003 session ID disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which session IDs may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Kenichi Maehashi of CIS RAT at Hosei...
Active! mail 2003 cross-site scripting vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...
Redmine vulnerable to cross-site request forgery
Overview Redmine contains a cross-site request forgery vulnerability. Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Roundcube Webmail vulnerable to cross-site request forgery
Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site requesst forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...
SEIL/X Series and SEIL/B1 buffer overflow vulnerability
Overview SEIL/X Series and SEIL/B1 contain a buffer overflow vulnerability. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability. Impact When processing a specially...
Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
Overview Implementations of Internet Protocol version 6 IPv6 may be vulnerable to denial of service DoS attacks. Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol RFC4861, which may lead to a denial of service vulnerablility. For more...
Cross-site scripting vulnerability in multiple phpspot products
Overview Multiple products provided by phpspot contain a cross-site scripting vulnerablility. Multiple products BBS Software etc. provided by phpspot contain a cross-site scripting vulnerablility. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
XF-Section vulnerable to cross-site scripting
Overview XF-Section from Happy Linux contains a cross-site scripting vulnerability. XF-Secion from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Issue of Access Control Failure in Groupmax Scheduler Server
Overview Groupmax Scheduler Server contains a vulnerability in which access privilege settings can be rendered invalid. Impact An unauthorized user may gain access to the Groupmax Scheduler Server. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
SugarCRM vulnerable to SQL injection
Overview SugarCRM contains a SQL injection vulnerability. SugarCRM is a customer relationship management CRM software. SugarCRM contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...