5625 matches found
Unzipper vulnerable to directory traversal
Overview Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Demaecan for Android. contains an issue where it fails to verify SSL server certificates
Overview Demaecan for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...
JVN#38227002: Unzipper vulnerable to directory traversal
Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...
JVN#16263849: Demaecan for Android. contains an issue where it fails to verify SSL server certificates
Demaecan for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...
JP1/File Transmission Server / FTP vulnerable to access control violation
Overview JP1/File Transmission Server/FTP has a vulnerability where an FTP client with limited access rights can bypass the access control and access arbitrary directories on the FTP server when enabling the directory access control function. Impact An attacker with login privileges to the FTP...
JP1/Integrated Management - Service Support vulnerable to cross-site scripting
Overview JP1/Integrated Management - Service Support has a cross-site scripting vulnerability, which occurs when receiving a request that contains malicious scripts when being used with JP1/Integrated Management - View. Impact An attacker can exploit this vulnerability to execute malicious script...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon contains a SQL injection vulnerability. Note that this vulnerability is different from JVN91153528. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection. Impact A user w...
Cybozu Garoon vulnerable to directory traversal
Overview Cybozu Garoon contains a directory traversal vulnerability. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server...
Cybozu Garoon vulnerable to session management
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management. Impact A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution For Cybozu Garoon 3.7: Apply...
Denny's App for Android. contains an issue where it fails to verify SSL server certificates
Overview Denny's App for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...
Norman Security Suite vulnerable to privilege escalation
Overview Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability. Satoshi Tanda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker with...
XooNIps vulnerable to cross-site scripting
Overview XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Koki Takahashi of Keiji Takeda La...
JVN#02017463: Norman Security Suite vulnerable to privilege escalation
Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability. Impact An attacker with access to the target machine may obtain escalated privileges and execute arbitrary code. Solution Apply an Update Apply the update according to the...
JVN#71045461: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter information on the system. Solution For Cybozu Garoon 3.7: Apply the Patch...
JVN#48810179: Denny's App for Android. contains an issue where it fails to verify SSL server certificates
Denny's App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#87797318: XooNIps vulnerable to cross-site scripting
XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...
JVN#26393529: Cybozu Garoon vulnerable to directory traversal
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server. Solution For Cybozu Garoon 3.7: Apply the Patch Apply the appropriate...
JVN#24035499: Cybozu Garoon vulnerable to session management
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management. Impact A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution For Cybozu Garoon 3.7: Apply the Patch...
AutoCAD may insecurely load dynamic libraries
Overview AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
AutoCAD vulnerable to arbitrary VBScript execution
Overview AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. kaito834 reported this vulnerability to...
Blackboard Vista/CE vulnerable to cross-site scripting
Overview Blackboard Vista/CE is a learning management system LMS. Blackboard Vista/CE contains a cross-site scripting vulnerability. ICHIHARA Ryohei of SERAKU Co.,Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#33382534: AutoCAD vulnerable to arbitrary VBScript execution
AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. Impact Arbitrary VBScript code may be executed wi...
JVN#43254599: AutoCAD may insecurely load dynamic libraries
AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Upgrade t...
JVN#24730765: Blackboard Vista/CE vulnerable to cross-site scripting
Blackboard Vista/CE is a learning management system LMS. Blackboard Vista/CE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...
Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Overview Apache Commons FileUpload contains a denial-of-service DoS vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool ...
JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Impact Processing a...
phpMyFAQ vulnerable to cross-site request forgery
Overview phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site reuqest forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information...
phpMyFAQ vulnerable to cross-site scripting
Overview phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of...
JVN#30050348: phpMyFAQ vulnerable to cross-site scripting
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of the...
JVN#50943964: phpMyFAQ vulnerable to cross-site request forgery
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information provided by t...
Opera browser for Android issue in handling intent scheme URL's
Overview Opera browser for Android contains an issue in the handling of intent scheme URL's. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a use...
JVN#23256725: Opera browser for Android issue in handling intent scheme URL's
Opera browser for Android contains an issue in the handling of intent scheme URL's. Impact When a user views a specially crafted page, the Opera browser for Android cookie file may be disclosed. Solution Apply an Update Apply the appropriate update for the version of the software being used...
Joyful Note vulnerable to cross-site scripting
Overview Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the lates...
JVN#30718178: Joyful Note vulnerable to cross-site scripting
Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version...
Sanshiro Series vulnerable to arbitrary code execution
Overview The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the...
Multiple SQL injection vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon contains multiple SQL injection vulnerabilities. Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Note that this vulnerability is different from JVN60997973. Impact A user who can log in to the...
JVN#28011378: Sanshiro Series vulnerable to arbitrary code execution
The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the software App...
JVN#91153528: Multiple SQL injection vulnerabilities in Cybozu Garoon
Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter data in the database. Solution Apply the Patch Apply the appropriate patch according to the information...
OpenPNE vulnerable to PHP Object Injection
Overview OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote,...
SimZip (Simple Zip Viewer) vulnerable to directory traversal
Overview SimZip Simple Zip Viewer provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
JVN#49384502: SimZip (Simple Zip Viewer) vulnerable to directory traversal
SimZip Simple Zip Viewer provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application...
JVN#69986880: OpenPNE vulnerable to PHP Object Injection
OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Impact A remote, unauthenticated attacker may execute an arbitrary PHP code. Solution Apply an update Update to the latest version according to the information provided by the...
A Problem of CPU Consumption in Host Data Collector bundled with Hitachi Device Manager Software
Overview Host Data Collector bundled with Hitachi Device Manager Software contains a problem of CPU consumption. Impact When Host Data Collector receives a malicious unexpected request, a process of Host Data Collector might consume CPU resources. Solution Please refer to the 'Vendor Information'...
Information disclosure vulnerability in Sleipnir Mobile for Android
Overview Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may resul...
EC-CUBE vulnerable to authorization bypass
Overview EC-CUBE contains an authorization bypass vulnerability. EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability CWE-639. The developer reported this vulnerability to JPCERT/CC under Information Security...
EC-CUBE vulnerable to information alteration
Overview EC-CUBE contains an information alteration vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. aratana inc. reported this vulnerability to the developer. JPCERT/CC coordinated with...
JVN#81637882: Information disclosure vulnerability in Sleipnir Mobile for Android
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Impact When a website that a user is viewing requests the user's location information, Sleipnir...
JVN#17849447: EC-CUBE vulnerable to information alteration
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. Impact User's information may be altered by other user who visits the shopping site. Solution Apply the update or the patch Apply the update or the patch...
JVN#51770585: EC-CUBE vulnerable to authorization bypass
EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability CWE-639. Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. Solution Apply the update or...
NeoFiler vulnerable to directory traversal
Overview NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...