5625 matches found
JVN#61593104: ARROWS Me F-11D vulnerability where arbitrary areas may be accessed
ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed. Impact An attacker with local access may obtain or alter contents in the flash memory of the device. Solution Apply an Update Apply the update according to the information provided by the provider...
JVN#06302787: OS command injection vulnerability in multiple FUJITSU Android devices
Multiple FUJITSU Android devices contain an OS command injection vulnerability. Impact An attacker with local access may obtain root privileges and execute arbitrary OS commands. Solution Apply an Update Apply the appropriate update according to the information provided by the provider. Products...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The PPP Access Concentrator PPPAC and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets CWE-119. Note that this vulnerability is different from JVN21907573...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing NTP requests. Note that this vulnerability is different from JVN04895240. Impact By receiving a large volume of NTP request in a short time, the devi...
JVN#21907573: SEIL Series routers vulnerable to denial-of-service (DoS)
SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing NTP requests. Impact By receiving a large volume of NTP request in a short time, the device might continue sending response packets. As a result, the device's...
JVN#04895240: SEIL Series routers vulnerable to denial-of-service (DoS)
The PPP Access Concentrator PPPAC and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets CWE-119. Impact By receiving a specially crafted packet, the device may be...
FAST/TOOLS vulnerable to improper restriction of XML external entity references
Overview FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC coordinate...
JVN#54775800: FAST/TOOLS vulnerable to improper restriction of XML external entity references
FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Impact When opening a project with a specially crafted XML file, information managed by the product may be disclosed or may become a victim o...
BSD Operating Systems vulnerable to denial-of-service (DoS)
Overview BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service DoS vulnerability. Hiroki Takakura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#07930208: BSD Operating Systems vulnerable to denial-of-service (DoS)
BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service DoS vulnerability. Impact When a sepcially crafted packet from a malicious server is received, a condition where client resources are not released may occur. As a result, clients...
iLogScanner vulnerable to cross-site scripting
Overview iLogScanner contains a cross-site scripting vulnerability. iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability CWE-79 d...
Direct Web Remoting (DWR) vulnerable to cross-site scripting
Overview Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability CWE-79. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Direct Web Remoting (DWR) vulnerable to XML external entity injection
Overview Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection
Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Impact When an application uses a function to convert DOM data DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter and a specially...
JVN#52422792: Direct Web Remoting (DWR) vulnerable to cross-site scripting
Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability CWE-79. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version of DWR according to the...
JVN#89852154: iLogScanner vulnerable to cross-site scripting
iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability CWE-79 due to a flaw when processing analysis results and outputting the...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. For more information, please refer to the developer's website...
JVN#16318793: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. For more information, please refer to the developer's website. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution...
Vulnerability in JP1/NETM/DM and Job Management Partner 1/Software Distribution data reproduction functionality
Overview JP1/NETM/DM and Job Management Partner 1/Software Distribution contain a vulnerability that prevents them from disabling writing to built-in USB storage devices. Impact An attacker can exploit this vulnerability to prevent the affected products from disabling writing to built-in type USB...
Multiple Cybozu products vulnerable to buffer overflow
Overview Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Masaaki Chida of GREE, Inc. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker ma...
JVN#14691234: Multiple Cybozu products vulnerable to buffer overflow
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version according to the information provided by the developer...
OpenAM vulnerable to denial-of-service (DoS)
Overview OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Yasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC...
JVN#65559247: OpenAM vulnerable to denial-of-service (DoS)
OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Impact When an OpenAM system is running "site" configuration with multiple instances, an authenticated attacker may be able...
QNAP QTS vulnerable to OS command injection
Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#55667175: QNAP QTS vulnerable to OS command injection
QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Impact A malicious attacker may be able to execute arbitrary command at the privilege level of the calling application. Solution Update...
SumaHo for Android fails to verify SSL/TLS server certificates
Overview SumaHo for Android fails to verify SSL/TLS server certificates. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an...
JVN#27388160: SumaHo for Android fails to verify SSL/TLS server certificates
SumaHo for Android fails to verify SSL/TLS server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Apply the appropriate update according to the information provided by the developer. Products Affected...
GIGAPOD vulnerable to denial-of-service (DoS)
Overview GIGAPOD provided by TripodWorks CO.,LTD. contains a denial-of-service DoS vulnerability. GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interfa...
Aflax vulnerable to cross-site scripting
Overview Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...
BirdBlog vulnerable to cross-site scripting
Overview BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
JVN#87373393: BirdBlog vulnerable to cross-site scripting
BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use BirdBlog BirdBlog is no longer being developed or maintained, therefore it is recommended to stop using BirdBlog. Produc...
JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)
GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interface via port 8001. The administrative web interface uses a version of the Apache HTTP server which...
JVN#66285408: Aflax vulnerable to cross-site scripting
Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Aflax According t...
Huawei E5332 vulnerable to denial-of-service (DoS)
Overview Huawei E5332 contains a denial-of-service DoS vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contain an issue when processing a URL that is extremely long, which may lead to the device to terminate abnormally. Shuto Imai of Chukyo Univ...
Huawei E5332 vulnerable to denial-of-service (DoS)
Overview Huawei E5332 contains a denial-of-service DoS vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which lead to the device rebooting. Shuto Imai of Chukyo...
JVN#63587560: Huawei E5332 vulnerable to denial-of-service (DoS)
Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which lead to the device rebooting. Impact An attacker that can send requests to the device may cause the device to become...
JVN#58417930: Huawei E5332 vulnerable to denial-of-service (DoS)
Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contain an issue when processing a URL that is extremely long, which may lead to the device to terminate abnormally. Impact An attacker that can send requests to the device may cause the device to become unresponsive...
Safari issue in handling application cache
Overview Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on. Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...
Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Overview Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN. JPCERT/CC coordinated with Yahoo Japan...
N-Media file uploader vulnerability in handling uploaded files
Overview N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
jigbrowser+ for iOS same origin policy bypass
Overview jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
SLFileManager for Android vulnerable to directory traversal
Overview SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#16485017: SLFileManager for Android vulnerable to directory traversal
SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges ...
JVN#80531230: jigbrowser+ for iOS same origin policy bypass
jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Impact By using JavaScript, an attacker may obtain sensitive data from a different domain in violation of the same origin policy. Solution Update the Software Update to the late...
JVN#45442753: Safari issue in handling application cache
Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on. Impact After a website is visited when the private browsing function is turned off and the...
JVN#87863382: N-Media file uploader vulnerability in handling uploaded files
N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Impact A user with "Author" privileges and above may execute an arbitrary command o...
JVN#48270605: Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...
Yuko Yuko App for Android fails to verify SSL server certificates
Overview Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates
Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution Update the...
Dotclear vulnerable to cross-site scripting
Overview Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a crafted page while...