JVN#42024228: Cybozu Garoon CGI vulnerable to remote command execution
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Impact An arbitrary command may be executed on the server where Cybozu Garoon resides. Solution Update the Software Update to the latest version according to the information...
JVN#75990997: Cybozu Garoon vulnerable to access restriction bypass
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to the lates...
JVN#94838679: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Softwa...
JVN#97558950: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
JVN#31082531: Cybozu Garoon 3 API access restriction bypass vulnerability
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version...
JVN#80583739: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...
Becky! Internet Mail vulnerable to buffer overflow
Overview Becky! Internet Mail contains a buffer overflow vulnerability. Becky! Internet Mail contains an issue in processing responses from a POP3 server, which may result in a buffer overflow vulnerability. Shingo HAYASHI of Cyber Defense Institute, Inc reported this vulnerability to IPA...
JVN#35376006: Becky! Internet Mail vulnerable to buffer overflow
Becky! Internet Mail contains an issue in processing responses from a POP3 server, which may result in a buffer overflow vulnerability. Impact By receiving a specially crafted response, an arbitrary code may be executed. Solution Update the Software Update to the latest version according to the...
SX-2000WG vulnerable to denial-of-service (DoS)
Overview SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service DoS. Note that this vulnerability is...
SX-2000WG vulnerable to denial-of-service (DoS)
Overview SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of TCP Option header, which may cause a denial-of-service DoS. Note that this vulnerabili...
RockDisk vulnerable to cross-site scripting
Overview RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
JVN#85571806: SX-2000WG vulnerable to denial-of-service (DoS)
SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of TCP Option header, which may cause a denial-of-service DoS. Impact A remote attacker may cause...
JVN#35998716: SX-2000WG vulnerable to denial-of-service (DoS)
SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service DoS. Impact A remote attacker may cause the...
Web Kyukincho vulnerable to cross-site request forgery
Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution...
Web Kyukincho vulnerable to cross-site scripting
Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the...
JVN#36259412: Web Kyukincho vulnerable to cross-site request forgery
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the...
JVN#80006084: Web Kyukincho vulnerable to cross-site scripting
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest...
Login rebuilder vulnerable to cross-site request forgery
Overview Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...
Sophos Disk Encryption vulnerable to authentication bypass
Overview Sophos Disk Encryption contains an authentication bypass vulnerability. Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Windows requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is...
JVN#05329568: Login rebuilder vulnerable to cross-site request forgery
Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the information...
JVN#63940326: Sophos Disk Encryption vulnerable to authentication bypass
Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Windows requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC. Impact An...
Webmin vulnerable to cross-site scripting
Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Webmin vulnerable to cross-site scripting
Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Usermin vulnerable to cross-site scripting
Overview Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Usermin vulnerable to OS command injection
Overview Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
JVN#02213197: Webmin vulnerable to cross-site scripting
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. Impact An arbitrary script may be executed on a user's web browser who is logged into Webmin. Solution...
JVN#92737498: Usermin vulnerable to cross-site scripting
Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser who is logged into Usermin. Solution Update the software Update to the latest version according to the information...
JVN#48805624: Usermin vulnerable to OS command injection
Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Impact When a user that is logged into Usermin performs a specific action, an arbitrary command may be executed. Solution Update the software Update to the latest version according to...
JVN#49974594: Webmin vulnerable to cross-site scripting
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser who is logged into Webmin. Solution Update the software Update to the latest version according to the information provided by th...
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
Overview JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Akihisa Ishida reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allo...
JVN#10603428: JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...
TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation
Overview TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114...
050 plus for Android information management vulnerability
Overview 050 plus for Android contains an information management vulnerability. 050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product t...
JVN#07677464: 050 plus for Android information management vulnerability
050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product to a system log file on the device. Impact Android applications with permissions ...
JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation
TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114. Therefor...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC m...
Spring Framework vulnerable to directory traversal
Overview Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Informatio...
JVN#49154900: Spring Framework vulnerable to directory traversal
Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability. Impact A remote attacker may be able to access arbitrary files on the server. Solution Update the software Users of 3.x should update to version 3.2.9 or later and...
JVN#10724763: SEIL Series routers vulnerable to denial-of-service (DoS)
The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC may be...
Xml eXternal Entity Vulnerability in XML link function of Hitachi COBOL2002
Overview XML link function of Hitachi COBOL2002 contains vulnerabilities to conduct information leakage or cause a denial of service DoS condition. Impact A remote attacker could conduct information leakage or cause a denial of service DoS condition via untrusted XML document loading unexpected...
Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option
Overview Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option contains cross-site scripting and cross-site request forgery CSRF vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products. Impact A remote attackers could insert to malicious...
C-BOARD Moyuku vulnerable to cross-site scripting
Overview C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...
JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution
Overview "JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid. Please note that this is a flaw in t...
JVN#50129191: JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution
"JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid. Please note that this is a flaw in the online...
JVN#58029817: C-BOARD Moyuku vulnerable to cross-site scripting
C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Produc...
OpenSSL improper handling of Change Cipher Spec message
Overview OpenSSL improperly handles Change Cipher Spec message in the initial SSL/TLS handshake. OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM man-in-the-middle attacker to force a server and a client to use easily guessable cryptographic key...
JVN#61247051: OpenSSL improper handling of Change Cipher Spec message
OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM man-in-the-middle attacker to force a server and a client to use easily guessable cryptographic key material during the initial SSL/TLS handshake CWE-325. Impact SSL/TLS communication between the...
CN8000 vulnerable to denial-of-service (DoS)
Overview CN8000 provided by ATEN contains a denial-of-service DoS vulnerability. CN8000 provided by ATEN is a remote access unit used to connect a keyboard, mouse and monitor to two or more computers in a remote location. CN8000 contains a denial-of-service DoS vulnerability. Testuya Nagata of...
SOY CMS vulnerable to cross-site scripting
Overview SOY CMS contains a cross-site scripting vulnerability. SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is an open source content management system CMS. SOY CMS contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated...