5625 matches found
Maroyaka Image Album vulnerable to cross-site scripting
Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Maroyaka Simple Board vulnerable to cross-site scripting
Overview Maroyaka Simple Board provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Simple Board contains a persistent cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
JVN#09871547: Maroyaka Image Album vulnerable to cross-site scripting
Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...
JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting
Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
JVN#63687798: Maroyaka Simple Board vulnerable to cross-site scripting
Maroyaka Simple Board provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Simple Board contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass
Overview Google Captcha reCAPTCHA by BestWebSoft is a plugin for WordPress. Google Captcha reCAPTCHA by BestWebSoft contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an...
BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass
Overview Captcha provided by BestWebSoft is a plugin for WordPress. Captcha contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an administrative interface without...
JVN#55063777: Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass
Google Captcha reCAPTCHA by BestWebSoft is a plugin for WordPress. Google Captcha reCAPTCHA by BestWebSoft contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an...
JVN#93727681: BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass
Captcha provided by BestWebSoft is a plugin for WordPress. Captcha contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an administrative interface without authentication...
Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer
Overview A cross-site scripting vulnerability was found in the online help of Hitachi IT Operations Analyzer. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasur...
Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director
Overview A cross-site scripting vulnerability was found in the online help of JP1/IT Desktop Management - Manager and Hitachi IT Operations Director. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information...
Multiple Cross-site Scripting Vulnerabilities in Hitachi Compute Systems Manager
Overview Multiple cross-site scripting vulnerabilities were found in Hitachi Compute Systems Manager. Impact Remote users can exploit multiple cross-site scripting vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasu...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing SSTP packets. Impact Receiving a specially crafted SSTP packet may result in the device becoming unresponsive...
Vulnerability in the jBCrypt key stretching process
Overview jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Norito AGETSUMA reported this...
KENT-WEB Clip Board vulnerability where arbitary files may be deleted
Overview Clip Board provided by KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. KENT-WEB Clip Board contains a vulnerability that may allow a remote attacker to delete arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...
Joyful Note vulnerability in handling files
Overview Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
checkpw vulnerable to denial-of-service (DoS)
Overview checkpw is a password authentication program. checkpw contains a denial-of-service DoS vulnerability due to a flaw in processing account names CWE-400. Hiroya Ito of GMO Pepabo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#88862608: Joyful Note vulnerability in handling files
Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Impact A remote attacker may create arbitrary files or delete existing files on the server. As a result, arbitrary code may ...
JVN#77718330: Vulnerability in the jBCrypt key stretching process
jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Impact When the hash value for a password ...
JVN#34790526: checkpw vulnerable to denial-of-service (DoS)
checkpw is a password authentication program. checkpw contains a denial-of-service DoS vulnerability due to a flaw in processing account names CWE-400. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Software Update to the latest version according to the...
JVN#63949115: SEIL Series routers vulnerable to denial-of-service (DoS)
The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing SSTP packets. Impact Receiving a specially crafted SSTP packet may result in the device becoming unresponsive. Solution...
JVN#62298871: KENT-WEB Clip Board vulnerability where arbitary files may be deleted
Clip Board provided by KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. KENT-WEB Clip Board contains a vulnerability that may allow a remote attacker to delete arbitrary files. Impact A remote attacker may delete arbitrary files on the server...
Zen Cart Japanese version vulnerable to cross-site scripting
Overview Zen Cart is an open source system for creating shopping websites. Zen Cart Japanese version contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...
SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#44544694: Zen Cart Japanese version vulnerable to cross-site scripting
Zen Cart is an open source system for creating shopping websites. Zen Cart Japanese version contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution For Zen Cart v1.5 ja variants: Update t...
JVN#30135729: SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution. Impact Arbitrary code may be executed on the server. Solution Update the Software Update to the latest version according to the information provided by th...
Speed Software Root Explorer and Explorer vulnerable to directory traversal
Overview Root Explorer and Explorer provided by Speed Software contain an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#42768331: Speed Software Root Explorer and Explorer vulnerable to directory traversal
Root Explorer and Explorer provided by Speed Software contain an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application...
AL-Mail32 vulnerable to buffer overflow
Overview AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a buffer overflow vulnerability due to a flaw in processing attachments. Impact When an attachment with specially crafted file name is processed, arbitrary code may be executed. Solution Update the...
Squid input validation vulnerability
Overview Squid contains a vulnerability where inputs are not properly validated. Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client. Kazuho Oku reported this vulnerabili...
AL-Mail32 vulnerable to denial-of-service (DoS)
Overview AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a denial-of-service DoS vulnerability due to a flaw in processing attachments. Yosuka HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...
AL-Mail32 vulnerable to directory traversal
Overview AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a directory traversal vulnerability due to a flaw in processing attachments. Yosuka HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#77294617: AL-Mail32 vulnerable to directory traversal
AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a directory traversal vulnerability due to a flaw in processing attachments. Impact Processing an attachment with a specially crafted file name may result in creation of an arbitrary file or an overwrite of...
JVN#93318392: AL-Mail32 vulnerable to buffer overflow
AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a buffer overflow vulnerability due to a flaw in processing attachments. Impact When an attachment with specially crafted file name is processed, arbitrary code may be executed. Solution Update the Software...
JVN#55365709: AL-Mail32 vulnerable to denial-of-service (DoS)
AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a denial-of-service DoS vulnerability due to a flaw in processing attachments. Impact Processing an attachment with a specially crafted file name may cause the software to become unresponsive. Solution Upda...
JVN#64455813: Squid input validation vulnerability
Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client. Impact If a HTTP response with a specially crafted header is processed, it may result in a HTTP response splitting...
C-BOARD Moyuku vulnerable to arbitrary file creation
Overview C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a vulnerability that may allow a remote attacker to create arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Saurus CMS Community Edition vulnerable to cross-site scripting
Overview Saurus CMS Community Edition is open source software to manage and build websites. Saurus CMS Community Edition contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT Com Security reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...
JVN#73261710: C-BOARD Moyuku vulnerable to arbitrary file creation
C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact A remote attacker creating arbitrary files may result in arbitrary code execution on the server. Solution Update the Software Update to the lates...
JVN#18387086: Saurus CMS Community Edition vulnerable to cross-site scripting
Saurus CMS Community Edition is open source software to manage and build websites. Saurus CMS Community Edition contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Apply the appropriate update...
Cross-site Scripting Vulnerability in Hitachi Application Server Help
Overview Hitachi Application Server Help contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Cross-site Scripting Vulnerability in Hitachi Command Suite Products
Overview The online help of Hitachi Command Suite Products contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Smartphone Passbook for Android information management vulnerability
Overview Smartphone Passbook for Android contains an issue where user inputs are output into a log file. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Other android applications with...
Smartphone Passbook fails to verify SSL server certificates
Overview Smartphone Passbook provided by Ogaki Kyoritsu bank Ltd. fails to verify SSL server certificates. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow...
PerlTreeBBS vulnerable to cross-site scripting
Overview PerlTreeBBS from Homepage Decorator is a tree-structured bulletin board software. PerlTreeBBS contains a persistent cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting
Overview shiromukuu1GUESTBOOK from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukuu1GUESTBOOK contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#48659722: Smartphone Passbook for Android information management vulnerability
Smartphone Passbook for Android contains an issue where user inputs are output into a log file. Impact Other android applications with permissions to read system log files may obtain information entered by a user. Solution Update the Software Update to the latest version according to the...
JVN#14522790: Smartphone Passbook fails to verify SSL server certificates
Smartphone Passbook provided by Ogaki Kyoritsu bank Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...
JVN#96155055: PerlTreeBBS vulnerable to cross-site scripting
PerlTreeBBS from Homepage Decorator is a tree-structured bulletin board software. PerlTreeBBS contains a persistent cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according ...
JVN#17480391: shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting
shiromukuu1GUESTBOOK from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukuu1GUESTBOOK contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...