5625 matches found
Security File Manager vulnerable to directory traversal
Overview Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
tetra filer vulnerable to directory traversal
Overview tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
ZIP with Pass vulnerable to directory traversal
Overview ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
JVN#44392991: Security File Manager vulnerable to directory traversal
Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...
JVN#88313872: ZIP with Pass vulnerable to directory traversal
ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...
JVN#51285738: tetra filer vulnerable to directory traversal
tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...
JVN#85716574: NeoFiler vulnerable to directory traversal
NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...
HP Autonomy Ultraseek vulnerable to cross-site scripting
Overview HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
JVN#69700259: HP Autonomy Ultraseek vulnerable to cross-site scripting
HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the Software Update the...
Xml eXternal Entity Vulnerability in Hitachi Cosminexus
Overview When using Cosminexus JAX-WS, XXE Xml eXternal Entity in Hitachi Cosminexus Component Container contains a vulnerability that may cause information leakage. Impact A remote attacker could obtain information via SOAP message loading unexpected external entities. Solution Please refer to t...
Cybozu Garoon Keitai vulnerable to authentication bypass
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may b...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection. Impact A user who can log in to the system may alter information stored in the database. Solution Apply the Patch Apply the appropria...
JVN#60997973: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection. Impact A user who can log in to the system may alter information stored in the database. Solution Apply the Patch Apply the appropriate patch...
JVN#81706478: Cybozu Garoon Keitai vulnerable to authentication bypass
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may be bypasse...
VMware ESX and ESXi may allow access to arbitrary files
Overview VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warni...
IrfanView vulnerable to buffer overflow
Overview IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA...
JVN#63194482: IrfanView vulnerable to buffer overflow
IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Impact When processing a specially crafted file contained in a folder named using multi-byte...
JVN#13154935: VMware ESX and ESXi may allow access to arbitrary files
VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Impact Users that have privileges to execute "Add New Disk" or "Add Existing Disk" in vCenter Server may obtain read and write access to arbitra...
Android OS vulnerable to arbitrary Java method execution
Overview Android OS contains a vulnerability where an arbitrary Java method may be executed. Tamami Eguchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When viewing a specially crafted page using the...
JVN#53768697: Android OS vulnerable to arbitrary Java method execution
Android OS contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted page using the standard Android browser or an other application that uses the WebView class, Android OS may be rebooted or arbitrary code may be executed without intent from...
Juniper ScreenOS vulnerable to denial-of-service (DoS)
Overview ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When processing a malicious packe...
JVN#28436508: Juniper ScreenOS vulnerable to denial-of-service (DoS)
ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Impact When processing a malicious packet, the device may hang. Solution Enable the "Ping of Death Screen" Enable the "Ping of Death Screen" setting according to the information provided by the developer...
Cybozu Dezie vulnerable to cross-site scripting
Overview Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the web browser o...
JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...
Cybozu Garoon vulnerable to session fixation
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the...
Cybozu Garoon vulnerable to mail header injection
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered...
Cybozu Garoon vulnerable to denial-of-service (DoS)
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact A denial-of-service DoS attack via Garoon 3 Keitai may cause high CPU usage on the server. Solution Update the Software Update to the latest version according to th...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function. Impact A user who can log in to the product may execute an arbitrary SQL command in the database that the product is referencing. Solution Update the Softwar...
Multiple cross-site scripting vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provid...
JVN#23981867: Multiple cross-site scripting vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#87729477: Cybozu Garoon vulnerable to session fixation
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the latest versi...
JVN#82375148: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function. Impact A user who can log in to the product may execute an arbitrary SQL command in the database that the product is referencing. Solution Update the Software Update ...
JVN#94245330: Cybozu Garoon vulnerable to denial-of-service (DoS)
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact A denial-of-service DoS attack via Garoon 3 Keitai may cause high CPU usage on the server. Solution Update the Software Update to the latest version according to the...
JVN#84221103: Cybozu Garoon vulnerable to mail header injection
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered. Solutio...
TOWN (modified version) vulnerable to directory traversal
Overview TOWN modified version provided by Tattyan's HP contains a directory traversal vulnerability. Misukuro reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may obtain arbitrary...
JVN#41703192: TOWN (modified version) vulnerable to directory traversal
TOWN modified version provided by Tattyan's HP contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...
Buffer Overflow Vulnerability in the log function of Interstage HTTP Server
Overview The log function ihsrlog/rotatelogs of Interstage HTTP Server contains a buffer overflow vulnerability. Impact An attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
Overview KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates. Yamano Yasuaki of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-mindd...
D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
Overview DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the Web manager function. Note that this vulnerability is different from JVN65312543. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA...
D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
Overview DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the implementation of SSH. Note that this vulnerability is different from JVN28812735. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IP...
JVN#28812735: D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the Web manager function. Impact A remote attacker may cause the product to stop responding. Solution Update the Firmware Update to the latest version of firmware according to the informatio...
JVN#97810280: KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by th...
JVN#65312543: D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the implementation of SSH. Impact A user who can login using SSH may cause the product to stop responding. Solution Update the Firmware Update to the latest version of firmware according to...
EC-CUBE information disclosure vulnerability
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the develope...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EC-CUBE information disclosure vulnerability
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Gen Sato reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EC-CUBE vulnerable to cross-site request forgery
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Gen Sato reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error messages, which may lead to cross-site scripting. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
EC-CUBE vulnerable to information disclosure
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#55630933: EC-CUBE information disclosure vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. Impact User's information may be obtained or altered by other user who visits the shopping site. Solution...