WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting (CWE-79). Note that this vulnerability is...
WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting (CWE-79). Note that this vulnerability i...
Multiple Allied Telesis products vulnerable to buffer overflow
Overview AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability (CWE-788) due to a flaw when processing a POST method. Impact Arbitrary code may be executed when processing a specially crafted HTTP request. Solution Update the Firmware Upda...
TSUTAYA App for Android vulnerable to arbitrary Java method execution
Overview TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
JVN#76515134: WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting (CWE-79). Impact An arbitrary script may be executed on t...
JVN#09289074: WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting (CWE-79). Impact An arbitrary script may be...
JVN#22440986: Multiple Allied Telesis products vulnerable to buffer overflow
AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability (CWE-788) due to a flaw when processing a POST method. Impact Arbitrary code may be executed when processing a specially crafted HTTP request. Solution Update the Firmware Update to the...
JVN#97384696: TSUTAYA App for Android vulnerable to arbitrary Java method execution
TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted web page, an arbitrary Java method may be executed. Solution Update the software Update to the latest version according to the information provided by the...
Multiple Vulnerabilities in JP1/Cm2/Network Node Manager i
Overview JP1/Cm2/Network Node Manager i contains cross-site scripting and execution of arbitrary code vulnerabilities. Impact An attacker could inject arbitrary web script and execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official countermeasure and tak...
Multiple buffer overflows in Hitachi JP1/Cm2/Network Node Manager i
Overview Multiple buffer overflow vulnerabilities exist in JP1/Cm2/Network Node Manager i. Impact An attacker can exploit these vulnerabilities to execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
LinPHA vulnerable to cross-site scripting
Overview LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#61181790: LinPHA vulnerable to cross-site scripting
LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use LinPHA LinPHA is no longer being developed or maintained, therefore it is recommended to...
Chyrp vulnerable to cross-site scripting
Overview Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script which ma...
JVN#13160869: Chyrp vulnerable to cross-site scripting
Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability. Impact An arbitrary script which may be embedded by an authenticated attacker could be executed on the Admin user's web browser. Solution Update the software Update to the latest version according to the information...
i-HTTPD vulnerable to cross-site scripting
Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting (CWE-79). Note that this vulnerability is different from JVN89613370. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
"Omake BBS" of i-HTTPD vulnerable to cross-site scripting
Overview i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character string, which may result in a stored cross-site scripting vulnerability (CWE-79). Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated...
i-HTTPD vulnerable to cross-site scripting
Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to cross-site scripting (CWE-79). Note that this vulnerability is different from JVN87910097. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinat...
"File Upload BBS" of i-HTTPD vulnerable to remote command execution
Overview i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Yamagata of webappsec.jp reported...
JVN#87910097: i-HTTPD vulnerable to cross-site scripting
i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Do not use i-HTTPD i-HTTPD is no longer being developed or maintained. It is...
JVN#98097877: "Omake BBS" of i-HTTPD vulnerable to cross-site scripting
i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character string, which may result in a stored cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Do not use...
JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution
i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Impact An arbitrary command may be execute...
JVN#89613370: i-HTTPD vulnerable to cross-site scripting
i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to cross-site scripting (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Do not use i-HTTPD i-HTTPD is no longer being developed or maintained...
Kaku-San-Sei Million Arthur for Android information management vulnerability
Overview Kaku-San-Sei Million Arthur provided by SQUARE ENIX CO., LTD. is a gaming application. Kaku-San-Sei Million Arthur for Android contains an information management vulnerability. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
KENT-WEB Clip Board vulnerable to cross-site scripting
Overview KENT-WEB Clip Board is bulletin board software that allows a user to upload binary files such as image files. Clip Board contains a cross-site scripting vulnerability. Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
JVN#24909891: Kaku-San-Sei Million Arthur for Android information management vulnerability
Kaku-San-Sei Million Arthur provided by SQUARE ENIX CO., LTD. is a gaming application. Kaku-San-Sei Million Arthur for Android contains an information management vulnerability. Impact Android applications with permissions to read information stored on SD cards may obtain product credentials...
JVN#12798709: KENT-WEB Clip Board vulnerable to cross-site scripting
KENT-WEB Clip Board is bulletin board software that allows a user to upload binary files such as image files. Clip Board contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
DBD::PgPP vulnerable to SQL injection
Overview DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Toshiharu Sugiyama reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If DBD::Pg...
JVN#70490316: DBD::PgPP vulnerable to SQL injection
DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Impact If DBD::PgPP is used in a program, a remote attacker may execute an arbitrary SQL command. Solution Update the software Update to the latest version according to the...
LG Electronics mobile access routers lack access restrictions
Overview LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacke...
ARROWS Me F-11D vulnerability where arbitrary areas may be accessed
Overview ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed. FUKAUMI Naoki of SOUM Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker with local...
OS command injection vulnerability in multiple FUJITSU Android devices
Overview Multiple FUJITSU Android devices contain an OS command injection vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker with local access may obtain...
Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
Overview The Syslink driver for OMAP mobile processors contained in Android devices contains multiple improper data validation vulnerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP...
JVN#61593104: ARROWS Me F-11D vulnerability where arbitrary areas may be accessed
ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed. Impact An attacker with local access may obtain or alter contents in the flash memory of the device. Solution Apply an Update Apply the update according to the information provided by the provider...
JVN#71762315: LG Electronics mobile access routers lack access restrictions
LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Impact An attacker that can access the device may bypass authentication and obtain information stored on the device. Solution Apply an Update Apply the update according ...
JVN#67792023: Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multipl...
JVN#06302787: OS command injection vulnerability in multiple FUJITSU Android devices
Multiple FUJITSU Android devices contain an OS command injection vulnerability. Impact An attacker with local access may obtain root privileges and execute arbitrary OS commands. Solution Apply an Update Apply the appropriate update according to the information provided by the provider. Products...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The PPP Access Concentrator (PPPAC) and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing certain packets (CWE-119). Note that this vulnerability is different from JVN21907573...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing NTP requests. Note that this vulnerability is different from JVN04895240. Impact By receiving a large volume of NTP requests in a short time, the devi...
JVN#21907573: SEIL Series routers vulnerable to denial-of-service (DoS)
SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing NTP requests. Impact By receiving a large volume of NTP requests in a short time, the device might continue sending response packets. As a result, the device's...
JVN#04895240: SEIL Series routers vulnerable to denial-of-service (DoS)
The PPP Access Concentrator (PPPAC) and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing certain packets (CWE-119). Impact By receiving a specially crafted packet, the device may be...
FAST/TOOLS vulnerable to improper restriction of XML external entity references
Overview FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611). Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC coordinate...
JVN#54775800: FAST/TOOLS vulnerable to improper restriction of XML external entity references
FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611). Impact When opening a project with a specially crafted XML file, information managed by the product may be disclosed or may become a victim o...
BSD Operating Systems vulnerable to denial-of-service (DoS)
Overview BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service (DoS) vulnerability. Hiroki Takakura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#07930208: BSD Operating Systems vulnerable to denial-of-service (DoS)
BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service (DoS) vulnerability. Impact When a specially crafted packet from a malicious server is received, a condition where client resources are not released may occur. As a result, clients...
iLogScanner vulnerable to cross-site scripting
Overview iLogScanner contains a cross-site scripting vulnerability. iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability (CWE-79) d...
Direct Web Remoting (DWR) vulnerable to cross-site scripting
Overview Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability (CWE-79). Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Direct Web Remoting (DWR) vulnerable to XML external entity injection
Overview Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability (CWE-611). Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#89852154: iLogScanner vulnerable to cross-site scripting
iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability (CWE-79) due to a flaw when processing analysis results and outputting the...
JVN#52422792: Direct Web Remoting (DWR) vulnerable to cross-site scripting
Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability (CWE-79). Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version of DWR according to the...
JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection
Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability (CWE-611). Impact When an application uses a function to convert DOM data (DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter) and a specially...