JVN#17637243: Kindle App for Android fails to verify SSL server certificates
Kindle App for Android fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...
MailPoet Newsletters vulnerable to cross-site request forgery
Overview MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Yoshinori Matsumoto reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a use...
JVN#94409737: MailPoet Newsletters vulnerable to cross-site request forgery
MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...
Advance-Flow vulnerable to SQL injection
Overview Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
JVN#20812625: Advance-Flow vulnerable to SQL injection
Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Impact A user may obtain or alter information on the database. Solution Do not use Advance-Flow The developer has stated that the support of Advance-Flow has been discontinued thus...
Cakifo vulnerable to cross-site scripting
Overview Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on...
JVN#27531188: Cakifo vulnerable to cross-site scripting
Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the theme Update to the latest version according to the information provided by the developer. Products Affected Cakifo 1.0 ...
Shutter vulnerable to cross-site scripting
Overview Shutter provided by tenfourzero is a web package allowing users to share their photos. Shutter contains a cross-site scripting vulnerability, which can be exploited through the SQL injection vulnerability JVN48039501. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
Shutter vulnerable to SQL injection
Overview Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#48039501: Shutter vulnerable to SQL injection
Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Uninstall the Software...
JVN#04455183: Shutter vulnerable to cross-site scripting
Shutter provided by tenfourzero is a web package allowing users to share their photos. Shutter contains a cross-site scripting vulnerability, which can be exploited through the SQL injection vulnerability JVN48039501. Impact If an administrator views a malicious page while logged in, an arbitrary...
Ameba for Android contains an issue where it fails to verify SSL server certificates
Overview Ameba for Android contains an issue where it fails to verify SSL server certificates. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker...
JVN#27702217: Ameba for Android contains an issue where it fails to verify SSL server certificates
Ameba for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the develope...
Dominion KX2-101 vulnerable to denial-of-service (DoS)
Overview Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service DoS vulnerability. Yusuke Okano reported this vulnerability to IPA...
JVN#07957080: Dominion KX2-101 vulnerable to denial-of-service (DoS)
Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service DoS vulnerability. Impact By receiving a specially crafted packet, the product may be forced to stop responding. Solution Upgrade to Dominion KX2-101 V2 The vulnerability has be...
Piwigo vulnerable to SQL injection
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Piwigo vulnerable to cross-site scripting
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Piwigo vulnerable to cross-site scripting
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
JVN#09717399: Piwigo vulnerable to cross-site scripting
Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the developer. According to t...
JVN#80310172: Piwigo vulnerable to cross-site scripting
Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled. Impact When a user views a specially crafted image, arbitrary JavaScript may be execute...
JVN#87962145: Piwigo vulnerable to SQL injection
Piwigo is a software to manage and host image files on the web. Piwigo contains a SQL injection vulnerability. Impact An authenticated attacker may obtain information stored in the database. Solution Apply a patch Apply the patch according to the information provided by the developer. According t...
GOM Player vulnerable to denial-of-service (DoS)
Overview GOM Player provided by Gretech contains a denial-of-service DoS vulnerability due to an issue in processing an image file. Security Engineering Laboratory, IT Security CenterISEC, IPA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#32726697: GOM Player vulnerable to denial-of-service (DoS)
GOM Player provided by Gretech contains a denial-of-service DoS vulnerability due to an issue in processing an image file. Impact When processing a specially crafted image file, the player may not be launched. Solution Update the Software Update to the latest version according to the information...
ServerView Operations Manager vulnerable to cross-site scripting
Overview ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#22534185: ServerView Operations Manager vulnerable to cross-site scripting
ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
Outlook.com for Android contains an issue where it fails to verify SSL server certificates
Overview Outlook.com for Android contains an issue where it fails to verify SSL server certificates. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...
JVN#72950786: Outlook.com for Android contains an issue where it fails to verify SSL server certificates
Outlook.com for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...
Multiple I-O DATA IP Cameras vulnerable to authentication bypass
Overview Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability. Impact An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. Solution Apply an upda...
PerlMailer vulnerable to cross-site scripting
Overview PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...
acmailer contains a cross-site request forgery vulnerability
Overview Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a...
JVN#94592501: Multiple I-O DATA IP Cameras vulnerable to authentication bypass
Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability. Impact An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. Solution Apply an update Update...
JVN#42511610: acmailer contains a cross-site request forgery vulnerability
Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information registered in the product may be altered or deleted, or in some cases, the authorization privilege can be stolen. Solution Update the Software...
JVN#85748534: PerlMailer vulnerable to cross-site scripting
PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...
Arbitrary program execution vulnerability in TrendLink ActiveX control
Overview TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted. Security Research and Service Institute - Information and...
JVN#30281958: Arbitrary program execution vulnerability in TrendLink ActiveX control
TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted. Impact A remote attacker may create an arbitrary file on the system and as a...
FuelPHP vulnerable to remote code execution
Overview FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
File Explorer vulnerable to directory traversal
Overview File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Meridian vulnerable to cross-site scripting
Overview Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Kazuyuki Matsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#94791545: FuelPHP vulnerable to remote code execution
FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Impact When specially crafted input is processed, arbitrary files may be deleted or arbitrary code may be executed on the...
JVN#36028879: Meridian vulnerable to cross-site scripting
Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...
JVN#84335912: File Explorer vulnerable to directory traversal
File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileg...
Multifunctional MailForm Free vulnerable to cross-site scripting
Overview Multifunctional MailForm Free provided by PHP Kobo contains a cross-site scripting vulnerability. Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting. Impact By opening a specially crafted HTML document, an arbitrary...
JVN#41028866: Multifunctional MailForm Free vulnerable to cross-site scripting
Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting. Impact By opening a specially crafted HTML document, an arbitrary script may be executed. Solution Update the software Update to the latest version according to the informatio...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update t...
Cybozu Garoon vulnerable to access restriction bypass
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update...
Cybozu Garoon 3 API access restriction bypass vulnerability
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest...
Cybozu Garoon CGI vulnerable to remote command execution
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
Seasar S2Struts vulnerable to ClassLoader manipulation
Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Cybozu, Inc...