5625 matches found
JVN#38790987: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error messages, which may lead to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the updat...
JVN#06377589: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update or the patch Apply the update or the patch according to the...
JVN#11221613: EC-CUBE vulnerable to cross-site request forgery
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Apply the update or the patch Apply the upda...
JVN#61077110: EC-CUBE vulnerable to information disclosure
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Impact A user who visits the shopping site may view the information managed by the website owner...
JVN#06870202: EC-CUBE information disclosure vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact When the server receives a specially crafted request, the absolute path of the product on the server may be obtained. Solution Apply the update or...
ASP.NET vulnerable to open redirect
Overview ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component. ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component. Therefore a web application that implements ASP.NET may be vulnerabl...
JVN#71256611: ASP.NET vulnerable to open redirect
ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component. Therefore a web application that implements ASP.NET may be vulnerable. Impact The user who accesses the web application that implements ASP.NET may be redirected to an arbitrary website. ...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. For more information, please refer to the developer's website...
JVN#44999463: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. For more information, please refer to the developer's website. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution...
Page Scroller vulnerable to cross-site scripting
Overview The ZIP archive for Page Scroller contains an issue where it includes a version of jQuery that is vulnerable to cross-site scripting. Page Scroller from coliss is a script that uses jQuery. In addition to Page Scroller being avaliable just as a script, it is also available as a ZIP archi...
TOWN (modified version) vulnerable to cross-site scripting
Overview TOWN modified version contains a cross-site scripting vulnerability. TOWN modified version provided by Tattyan's HP contains a cross-site scripting vulnerability. Yu Yagihashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
JVN#28467717: Page Scroller vulnerable to cross-site scripting
Page Scroller from coliss is a script that uses jQuery. In addition to Page Scroller being avaliable just as a script, it is also available as a ZIP archive that includes jQuery and demo files. The jQuery included in the ZIP archive contains a known cross-site scripting vulnerability CVE-2011-496...
JVN#12513975: TOWN (modified version) vulnerable to cross-site scripting
TOWN modified version provided by Tattyan's HP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...
Tiki Wiki CMS Groupware vulnerable to SQL injection
Overview Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary SQL...
Tiki Wiki CMS Groupware vulnerable to cross-site scripting
Overview Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#75720314: Tiki Wiki CMS Groupware vulnerable to SQL injection
Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a SQL injection vulnerability. Impact An arbitrary SQL command may be executed in the database the product is referencing. Solution Apply an Update Apply the appropriate update for the version of the software being use...
JVN#81813850: Tiki Wiki CMS Groupware vulnerable to cross-site scripting
Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged in. Solution Apply an Update Apply the appropriate update for the version of the software bei...
Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)
Overview Multiple products that use International Components for Unicode ICU contain a use-after-free vulnerability. International Components for Unicode ICU is a library for handling Unicode strings. A C version, ICU4C and a Java version, ICU4J are available. Multiple products that use ICU4C...
Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)
Overview Multiple products that use International Components for Unicode ICU contain a denial-of-service DoS vulnerability. International Components for Unicode ICU is a library for handling Unicode strings. A C version, ICU4C and a Java version ICU4J are available. Multiple products that use ICU...
JVN#85336306: Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)
International Components for Unicode ICU is a library for handling Unicode strings. A C version, ICU4C and a Java version, ICU4J are available. Multiple products that use ICU4C contain a use-after-free vulnerability. ICU released ICU4C version 52.1 that addresses this vulnerability on October 9,...
JVN#70739377: Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)
International Components for Unicode ICU is a library for handling Unicode strings. A C version, ICU4C and a Java version ICU4J are available. Multiple products that use ICU4C contain a denial-of-service vulnerability due to a race condition. ICU released ICU4C version 50.1.1 that addresses this...
RockDisk vulnerable to cross-site scripting
Overview RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#74608669: RockDisk vulnerable to cross-site scripting
RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update provided by the developer. Products...
HDL-A and HDL2-A Series vulnerable in session management
Overview HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/C...
JVN#52509236: HDL-A and HDL2-A Series vulnerable in session management
HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Impact A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or...
Accela BizSearch vulnerable to cross-site scripting
Overview Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#33788325: Accela BizSearch vulnerable to cross-site scripting
Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information...
Arbitrary Commands Execution Vulnerability in JP1/Base
Overview The JP1/Base contains a vulnerability where arbitrary commands may be executed when it receives request messages from unexpected hosts in the network. Impact Malicious users can exploit this vulnerability to execute arbitrary commands by sending request messages from an unexpected host...
Arbitrary Commands Execution Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview The JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability where arbitrary commands may be executed when they receive request messages from unexpected hosts in the network. Impact Malicious users can exploit this vulnerability to execute...
Multiple vulnerabilities in Java bundled with Hitachi JP1/Cm2/Network Node Manager i
Overview The Java bundled with Hitachi JP1/Cm2/Network Node Manager i contains multiple vulnerabilities. Impact Malicious remote users can exploit this vulnerability to disrupt services, disclose configuration data or execute arbitrary script. Solution Please refer to the 'Vendor Information'...
Multiple vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i
Overview Hitachi JP1/Cm2/Network Node Manager i contains multiple vulnerabilities. Impact Malicious remote users can exploit this vulnerability to disrupt services, disclose configuration data or execute arbitrary script. Solution Please refer to the 'Vendor Information' section for the official...
D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
Overview DES-3810 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
Overview DWL-2100AP provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
SEIL Series routers vulnerable to buffer overflow
Overview SEIL Series routers contain a buffer overflow vulnerability. The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages. Impact An attacker may execute an arbitrary code on the...
SEIL Series routers vulnerable in RADIUS authentication
Overview SEIL Series routers contain a vulnerability in RADIUS authentication. The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated...
JVN#43152129: SEIL Series routers vulnerable to buffer overflow
The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages. Impact An attacker may execute an arbitrary code on the vulnerable system. Solution Update the Firmware Apply the appropriate...
JVN#40079308: SEIL Series routers vulnerable in RADIUS authentication
The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated random numbers to be easily predicted. Impact An attacker who can intercept...
JVN#03082733: D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
DWL-2100AP provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in SSH implementation. Impact A user who can login with SSH may cause the product to reboot. Solution Update the Firmware Update the firmware to version R252JP-RC572 or later according to the...
JVN#70245052: D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
DES-3810 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in SSH implementation. Impact A user who can login with SSH may cause the product to stop responding. Solution Update the Firmware Update the firmware to version R2.20.011 or later according to...
Internet Explorer vulnerable to arbitrary code execution
Overview Internet Explorer contains a vulnerability that may allow arbitrary code execution. According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited. Impact If a user views a specially crafted web page, an arbitrary code may be...
Multiple broadband routers may behave as open resolvers
Overview Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may...
JVN#27443259: Internet Explorer vulnerable to arbitrary code execution
Internet Explorer contains a vulnerability that may allow arbitrary code execution. According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited. Impact If a user views a specially crafted web page, an arbitrary code may be executed...
JVN#62507275: Multiple broadband routers may behave as open resolvers
A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. Impact The device may be used in a DNS amplification attack and...
ChamaCargo vulnerable to cross-site scripting
Overview ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Koki Takahashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
JVN#77455005: ChamaCargo vulnerable to cross-site scripting
ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided b...
Opera vulnerable to cross-site scripting
Overview Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided ...
JVN#01094166: Opera vulnerable to cross-site scripting
Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the...
Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page. Motoki Nishio of VALTES CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#53014207: Cybozu Office vulnerable to cross-site scripting
Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page. Impact An arbitrary script may be executed on the web browser of an user who is logged in. Solution Update the software Update to the latest version according to th...
Apache Struts vulnerable to remote command execution
Overview Apache Struts contains a remote command execution vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the...