5625 matches found
Blogn cross-site scripting vulnerability
Overview Blogn, a script for the creation of blogs from R-ONE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
MailDwarf cross-site scripting vulnerability
Overview MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
open-gorotto cross-site scripting vulnerability
Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...
Shopping Basket Pro directory traversal vulnerability
Overview A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE. Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact A remote attacker could obtain a list of the file and directory name...
Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal
Overview httpd.pl from Fuktommy.com including an HTML preprocessor contains a directory traversal vulnerability. httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could,...
Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files
Overview Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools. Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software...
Lhaplus buffer overflow vulnerability
Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...
Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
Overview The modautoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset. Impact An attacker...
Microsoft Internet Explorer address bar spoofing vulnerability
Overview Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while th...
Multiple email clients vulnerable in handling an attachement inapropriately
Overview Some email clients contain a vulnerability which may crash themselves as they do not properly handle an attached file with an particular file name. Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a...
Wiki clone products vulnerable to denial of service attacks
Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...
ServerView cross-site scripting vulnerability
Overview ServerView, server-monitoring software included with Fujitsu servers, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
Geeklog cross-site scripting vulnerability
Overview Geeklog, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
04WebServer cross-site scripting vulnerability
Overview 04WebServer, open source web server software, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
Owl SQL injection vulnerability
Overview Owl, an open source document management and publishing system, contains an SQL injection vulnerability. Impact A remote attacker may modify or steal the database contents. Solution None...
Owl cross-site scripting vulnerability
Overview Owl, an open source document management and publishing system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution...
NEC MultiWriter 1700C web server authentication bypass vulnerability
Overview Certain NEC printers have build-in web servers. They contain a vulnerability, where unauthorized users could change the system configuration. Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution None...
NEC MultiWriter 1700C/7500C FTP server vulnerability
Overview NEC printers contain a vulnerability which allow connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server. Impact A remote attacker could possibly conduct a...
MyODBC Japanese Conversion Edition denial of service vulnerability
Overview MyODBC is an ODBC driver that allows ODBC-compliant applications to communicate with a MySQL database. MyODBC Japanese Conversion Edition is a Windows version of the driver with additional Japanese encoding functionality released from SoftAgency. MyODBC Japanese Conversion Edition contai...
Hyper NIKKI System cross-site scripting vulnerability
Overview Hyper NIKKI System hns, web log software from the Hyper NIKKI System Project, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session...
Nucleus cross-site scripting vulnerability
Overview Nucleus, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could...
Chama Cargo cross-site scripting vulnerability
Overview Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
SugarCRM cross-site scripting vulnerability
Overview SugarCRM, open source CRM Customer Relationship Management software, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30144870. Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker...
a-blog cross-site scripting vulnerability
Overview a-blog, a server-based blog tool from appleple, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability which affects Microsoft Internet Explorer. Impact A remote attacker could possibly execute an arbitrary...
Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM
Overview Multiple vulnerabilities have been found in JP1/IT Desktop Management 2 and JP1/NETM/DM. CVE-2025-65115:Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM CVE-2025-65116:Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM Impact...
Canon IJ Scan Utility registers Windows services with unquoted file paths
Overview IJ Scan Utility provided by Canon Inc. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-1585 Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may execute arbitrary code with SYSTEM...
Multiple vulnerabilities in SS1
Overview SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength CWE-326 - CVE-2025-46409 Files or directories accessible to external parties CWE-552 - CVE-2025-52460 Incorrect permission assignment for critical resource CWE-732 -...
Multiple vulnerabilities in Mubit Powered BLUE 870
Overview Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-54958 Path traversal CWE-22 - CVE-2025-54959 CVE-2025-54958 Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...
ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
Overview ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. Use of Hard-coded Credentials CWE-798 - CVE-2025-53842 This vulnerability is caused by an insufficient fix for CVE-2024-39838 JVN70666401. Hiroki Sato of Institute of Science Tokyo...
Heap-based buffer overflow vulnerability in V-SFT and TELLUS
Overview A heap-based buffer overflow vulnerability CWE-122 exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. - CVE-2025-50130 Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Opening V9 files or X1 file...
Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)
Overview Trend Micro Incorporated has released a security update for Trend Micro Security for Windows CVE-2025-52521. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Arbitrary files or folders may be deleted due to a windows...
+F FS010M vulnerable to OS command injection
Overview +F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-24306 OS command injection CWE-78 - CVE-2025-25220 Takeshi Kuramori of National Institute of Information and Communications Technology,...
Out-of-bounds read vulnerability in Cente middleware
Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability CWE-125, CVE-2025-23406. DMG MORI Digital Co., LTD. reported this...
OMRON NJ/NX series vulnerable to path traversal
Overview Machine Automation Controller NJ/NX series provided by OMRON Corporation contain a path traversal vulnerability CWE-22, CVE-2024-12083. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary file in the affected product...
WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery
Overview WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. KENJI YOSHIKAWA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user vie...
SXF Common Library vulnerable to improper input data handling
Overview SXF Common Library provided by General Incorporated Association OCF is vulnerable to improper input data handling CWE-237. Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a produc...
Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element
Overview Trend Micro Incorporated has released the security updates for Deep Security 20.0 Agent for Windows that contains a fix for an uncontrolled search path element vulnerability CWE-427, CVE-2024-55955. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the...
Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Overview Authentication bypass vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...
Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX
Overview UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-45841 OS Command Injection CWE-78 - CVE-2024-47133 Inclusion of Undocumented Features CWE-1242 - CVE-2024-52564 T...
Multiple vulnerabilities in FUJI ELECTRIC products
Overview Multiple vulnerabilities listed below exist in the remote monitoring software 'TELLUS' and 'TELLUS Lite', and the simulator module and the remote monitoring software 'V-Server' and 'V-Server Lite' contained in the graphic editor 'V-SFT' provided by FUJI ELECTRIC CO., LTD. Multiple...
HAProxy vulnerable to HTTP request/response smuggling
Overview HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Yuki Mogi of FFRI...
N-LINE vulnerable to HTML injection
Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2024-47134 Stack-based buffer overflow CWE-121 - CVE-2024-47135 Out-of-bounds read CWE-125 - CVE-2024-47136 Michael Heinzl reported...
RevoWorks Cloud vulnerable to unintended process execution
Overview RevoWorks Cloud provided by J's Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized...
Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
Overview Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions CWE-451. Keishi Awata of logicalmixed reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
IPCOM vulnerable to information disclosure
Overview SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/...
Multiple Safie products vulnerable to improper server certificate verification
Overview Multiple Safie products are vulnerable to improper server certificate verification CWE-295. The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the...