5625 matches found
Bump for Android vulnerable in handling of implicit intents
Overview Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#08994136: Bump for Android vulnerable in handling of implicit intents
Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Impact Information such as the owner's name that was obtained from another device may be disclosed. Solution Do not use Bump for...
JVN#61637002: Dotclear vulnerable to cross-site scripting
Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Impact If a user views a crafted page while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the infomration...
FileMaker Pro fails to verify SSL server certificates
Overview FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-2319. Impact A man-in-the-minddle attack may allow an attacker to...
FileMaker Pro vulnerable to cross-site scripting
Overview FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-scripting. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-3640. Impact An arbitrary script may be executed on the user's web browser...
365 Links series vulnerable to cross-site scripting
Overview 365 Links series provided by php365.com are link directory management tools. 365 Links series contain a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#36205251: 365 Links series vulnerable to cross-site scripting
365 Links series provided by php365.com are link directory management tools. 365 Links series contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information...
Help Page in multiple Adobe products vulnerable to cross-site scripting
Overview The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...
JVN#84376800: Help Page in multiple Adobe products vulnerable to cross-site scripting
The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of the product according to the information provided by the developer...
Movable Type vulnerable to cross-site scripting
Overview Movable Type provided by Six Apart, Ltd. contains a cross-site scripting vulnerability. Movable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability. Saeki Tominaga reported this vulnerability to IPA. JPCERT/CC coordinated wit...
JVN#73357573: Movable Type vulnerable to cross-site scripting
Movable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed or a false form may be displayed on the administrator's web browser. Solution Update the software Update to the latest version...
WisePoint vulnerable to session fixation
Overview WisePoint provided by Falcon System Consulting, Inc. contains a session fixation vulnerability. Hiroki Ikemoto of NTT SOFT SERVICE Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker m...
EmFTP may insecurely load executable files
Overview EmFTP contains a flaw when loading files, where an unitended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "exmaple" without an extension and an executable "example.exe" are in the same directory, attemtping to open t...
JVN#50367052: EmFTP may insecurely load executable files
EmFTP contains a flaw when loading files, where an unitended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "exmaple" without an extension and an executable "example.exe" are in the same directory, attemtping to open the file...
JVN#49672671: WisePoint vulnerable to session fixation
WisePoint provided by Falcon System Consulting, Inc. contains a session fixation vulnerability. Impact An attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the latest version according to the information provid...
Kindle App for Android fails to verify SSL server certificates
Overview Kindle App for Android fails to verify SSL server certificates. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...
JVN#17637243: Kindle App for Android fails to verify SSL server certificates
Kindle App for Android fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...
MailPoet Newsletters vulnerable to cross-site request forgery
Overview MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Yoshinori Matsumoto reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a use...
JVN#94409737: MailPoet Newsletters vulnerable to cross-site request forgery
MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...
Advance-Flow vulnerable to SQL injection
Overview Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
JVN#20812625: Advance-Flow vulnerable to SQL injection
Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Impact A user may obtain or alter information on the database. Solution Do not use Advance-Flow The developer has stated that the support of Advance-Flow has been discontinued thus...
Cakifo vulnerable to cross-site scripting
Overview Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on...
JVN#27531188: Cakifo vulnerable to cross-site scripting
Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the theme Update to the latest version according to the information provided by the developer. Products Affected Cakifo 1.0 ...
Shutter vulnerable to cross-site scripting
Overview Shutter provided by tenfourzero is a web package allowing users to share their photos. Shutter contains a cross-site scripting vulnerability, which can be exploited through the SQL injection vulnerability JVN48039501. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
Shutter vulnerable to SQL injection
Overview Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#04455183: Shutter vulnerable to cross-site scripting
Shutter provided by tenfourzero is a web package allowing users to share their photos. Shutter contains a cross-site scripting vulnerability, which can be exploited through the SQL injection vulnerability JVN48039501. Impact If an administrator views a malicious page while logged in, an arbitrary...
JVN#48039501: Shutter vulnerable to SQL injection
Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Uninstall the Software...
Ameba for Android contains an issue where it fails to verify SSL server certificates
Overview Ameba for Android contains an issue where it fails to verify SSL server certificates. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an attacker...
JVN#27702217: Ameba for Android contains an issue where it fails to verify SSL server certificates
Ameba for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the develope...
Dominion KX2-101 vulnerable to denial-of-service (DoS)
Overview Dominion KX2-101 provided by Raritan Japan, Inc. contains a denial-of-service DoS vulnerability. Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service DoS vulnerability. Yusuke Okano reported this vulnerability to IPA...
JVN#07957080: Dominion KX2-101 vulnerable to denial-of-service (DoS)
Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service DoS vulnerability. Impact By receiving a specially crafted packet, the product may be forced to stop responding. Solution Upgrade to Dominion KX2-101 V2 The vulnerability has be...
Piwigo vulnerable to SQL injection
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Piwigo vulnerable to cross-site scripting
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Piwigo vulnerable to cross-site scripting
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
JVN#09717399: Piwigo vulnerable to cross-site scripting
Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the developer. According to t...
JVN#87962145: Piwigo vulnerable to SQL injection
Piwigo is a software to manage and host image files on the web. Piwigo contains a SQL injection vulnerability. Impact An authenticated attacker may obtain information stored in the database. Solution Apply a patch Apply the patch according to the information provided by the developer. According t...
JVN#80310172: Piwigo vulnerable to cross-site scripting
Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled. Impact When a user views a specially crafted image, arbitrary JavaScript may be execute...
GOM Player vulnerable to denial-of-service (DoS)
Overview GOM Player provided by Gretech contains a denial-of-service DoS vulnerability due to an issue in processing an image file. Security Engineering Laboratory, IT Security CenterISEC, IPA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#32726697: GOM Player vulnerable to denial-of-service (DoS)
GOM Player provided by Gretech contains a denial-of-service DoS vulnerability due to an issue in processing an image file. Impact When processing a specially crafted image file, the player may not be launched. Solution Update the Software Update to the latest version according to the information...
ServerView Operations Manager vulnerable to cross-site scripting
Overview ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#22534185: ServerView Operations Manager vulnerable to cross-site scripting
ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
Outlook.com for Android contains an issue where it fails to verify SSL server certificates
Overview Outlook.com for Android contains an issue where it fails to verify SSL server certificates. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...
JVN#72950786: Outlook.com for Android contains an issue where it fails to verify SSL server certificates
Outlook.com for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...
Multiple I-O DATA IP Cameras vulnerable to authentication bypass
Overview Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability. Impact An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. Solution Apply an upda...
PerlMailer vulnerable to cross-site scripting
Overview PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...
acmailer contains a cross-site request forgery vulnerability
Overview Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a...
JVN#85748534: PerlMailer vulnerable to cross-site scripting
PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...
JVN#94592501: Multiple I-O DATA IP Cameras vulnerable to authentication bypass
Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability. Impact An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. Solution Apply an update Update...
JVN#42511610: acmailer contains a cross-site request forgery vulnerability
Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information registered in the product may be altered or deleted, or in some cases, the authorization privilege can be stolen. Solution Update the Software...
Arbitrary program execution vulnerability in TrendLink ActiveX control
Overview TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted. Security Research and Service Institute - Information and...