5627 matches found
JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
Overview JP1/Cm2/Network Node Manager i NNMi contains vulnerabilities could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...
Movable Type vulnerable to OS command injection
Overview Movable Type contains an OS command injection vulnerability. Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest...
PowerChute Business Edition vulnerable to cross-site scripting
Overview PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported th...
Nikki vulnerable to OS command injection
Overview Nikki from HP no Mawashimono contains an OS command injection vulnerability. Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Nikki vulnerable to directory traversal
Overview Nikki from HP no Mawashimono contains a directory traversal vulnerability. Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Touhou Hisouten vulnerable to denial-of-service
Overview Touhou Hisouten from Twilight Frontier contains a denial-of-service DoS vulnerability. Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Yu...
FFFTP may insecurely load executable files
Overview FFFTP may use unsafe methods for determining how to load executables .exe FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC...
Samba Web Administration Tool vulnerable to cross-site request forgery
Overview Samba Web Administration Tool SWAT contains a cross-site request forgery vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samb...
Internet Explorer window display vulnerability
Overview Internet Explorer contains a vulnerability where the window display may be forged. Internet Explorer contains an issue with rendering window displays, which may lead to a window display being forged. hoshikuzu|stardust reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Oracle iPlanet Web Server information disclosure vulnerability
Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains an information disclosure vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote...
ASP.NET vulnerable to cross-site scripting
Overview ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability. ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the applicatio...
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...
Microsoft Outlook read receipt function vulnerability
Overview Microsoft Outlook contains a vulnerability in the read receipt function. Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Ayako Kozakai of NTT DATA SECURITY CORPORATION...
iVIEW Suite vulnerable to SQL injection
Overview iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to...
Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability
Overview Hitachi Tuning Manager Software contains a cross-site scripting vulnerability. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Picasa may insecurely load executable files
Overview Picasa may use unsafe methods for determining how to load executables .exe Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load...
e107 vulnerable to cross-site scripting
Overview e107 contains a cross-site scripting vulnerability. e107 provided by e107.org is a Content Management System CMS software. e107 contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Securi...
SEIL Series routers vulnerable to buffer overflow
Overview SEIL Series routers contain a buffer overflow vulnerability. The PPP Access Concentrator PPPAC contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. Accoding to the developer, all...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Fo...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
Vulnerability in Epson printer driver installer where access permissions are changed
Overview A vulnerability in printer driver installers provided by Epson cause access permissions to a certain folder on the system to be changed. When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. A...
Clipboard contents alteration vulnerability in Grani
Overview Grani contains a vulnerability in which the contents of the clipboard may be altered. Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the...
Clipboard contents alteration vulnerability in Sleipnir
Overview Sleipnir contains a vulnerability in which the contents of the clipboard may be altered. Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the conten...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from JVN01948274, and other issues that were previously published on JVN. Impact When opening a specially crafted file...
Sleipnir and Grani may insecurely load dynamic libraries
Overview Sleipnir and Grani may use unsafe methods for determining how to load DLLs. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurel...
Archive Decoder may insecurely load executable files
Overview Archive Decoder may use unsafe methods for determining how to load executables .exe. Archive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Makoto...
Explzh may insecurely load executable files
Overview Explzh may use unsafe methods for determining how to load executables .exe. Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may...
K2Editor may insecurely load executable files
Overview K2Editor may use unsafe methods for determining how to load executables .exe. K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may...
Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server
Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains a cross-site request forgery vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Yoshihiro...
Multiple Vulnerabilities in Groupmax Scheduler Server
Overview A denial of service DoS or arbitrary file manipulation vulnerability has been reported in multiple Hitachi products. Impact A remote attacker could cause a denial of service DoS condition or manipulate arbitrary files. Solution Please refer to the 'Vendor Information' section for the...
Phishing Vulnerability in Accela BizSearch Document View Window
Overview The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to: display a fraudulent web page over a legitimate web page steal cookies stored in browser place arbitrary cookies into browser Impact A remote attacker could...
AD-EDIT2 vulnerable to cross-site scripting
Overview AD-EDIT2 contains a cross-site scripting vulnerability. AD-EDIT2 is a Contents Management System CMS software. AD-EDIT2 contains a cross-site scripting vulnerability. Seiei Higa of IT College Okinawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
moobbs2 vulnerable to cross-site scripting
Overview moobbs2 contains a cross-site scripting vulnerability. moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Winny BBS information processing vulnerability
Overview Winny contains a vulnerability in the processing of BBS information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Yuji Ukai of eEye Digital Security...
Forced Shutdown or Restart with JP1/ServerConductor/Deployment Manager
Overview JP1/ServerConductor/Deployment Manager's Client Service for DPM has a vulnerability which could cause a shutdown or restart of the client computer when receiving ill-formed data. Impact A remote attacker could shut down or restart the target system. Solution Please refer to the 'Vendor...
Multiple vulnerabilities in ActiveGeckoBrowser
Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...
Stack-Based Buffer Overflow Vulnerability in Collaboration Common Utility
Overview Collaboration Common Utility, a component of multiple Hitachi products, is vulnerable to stack-based buffer overflow when the Drag and Drop Component for Collaboration feature is also installed. Impact No details available. Solution Please refer to the 'Vendor Information' section for th...
e-Pares vulnerable to cross-site request forgery
Overview e-Pares contains a cross-site request forgery vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the...
e-Pares vulnerable to cross-site scripting
Overview e-Pares contains a cross-site scripting vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability is different from JVN98467259. The "Ichitaro" series word processing software, from JustSystems Corporation contains a...
Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability
Overview An arbitrary code execution vulnerability exists in several EUR Form and EUR products. Impact A remote attacker could execute arbitrary code through the affected web pages. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...
MODx vulnerable to cross-site scripting
Overview MODx provided by The MODx CMS Project contains a cross-site scripting vulnerability. MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported th...
JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability
Overview Computer systems running the JP1/Cm2/Network Node Manager NNM Remote Console for Windows are vulnerable due to insecure file permissions set on the systems. Impact A local attacker could replace the affected files provided by the NNM Remote Console with arbitrary files. Solution Please...
Oracle Application Server vulnerable to cross-site scripting
Overview Oracle Application Server from Oracle contains a cross-site scripting vulnerability. Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC...
Active! mail 2003 cookie disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which cookies may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Kenichi Maehashi of CIS RAT at Hosei Universi...
Active! mail 2003 session ID disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which session IDs may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Kenichi Maehashi of CIS RAT at Hosei...
Active! mail 2003 cross-site scripting vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...
Redmine vulnerable to cross-site request forgery
Overview Redmine contains a cross-site request forgery vulnerability. Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...