JVN#81813850: Tiki Wiki CMS Groupware vulnerable to cross-site scripting
Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged in. Solution Apply an Update Apply the appropriate update for the version of the software bei...
Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)
Overview Multiple products that use International Components for Unicode (ICU) contain a use-after-free vulnerability. International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C, and a Java version, ICU4J, are available. Multiple products that use ICU4C...
Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)
Overview Multiple products that use International Components for Unicode (ICU) contain a denial-of-service (DoS) vulnerability. International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C, and a Java version, ICU4J, are available. Multiple products that use ICU...
JVN#85336306: Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)
International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C, and a Java version, ICU4J, are available. Multiple products that use ICU4C contain a use-after-free vulnerability. ICU released ICU4C version 52.1 that addresses this vulnerability on October 9,...
JVN#70739377: Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)
International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C, and a Java version, ICU4J, are available. Multiple products that use ICU4C contain a denial-of-service vulnerability due to a race condition. ICU released ICU4C version 50.1.1 that addresses this...
RockDisk vulnerable to cross-site scripting
Overview RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#74608669: RockDisk vulnerable to cross-site scripting
RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update provided by the developer. Products...
HDL-A and HDL2-A Series vulnerable in session management
Overview HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/C...
JVN#52509236: HDL-A and HDL2-A Series vulnerable in session management
HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Impact A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or...
Accela BizSearch vulnerable to cross-site scripting
Overview Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#33788325: Accela BizSearch vulnerable to cross-site scripting
Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information...
Arbitrary Commands Execution Vulnerability in JP1/Base
Overview The JP1/Base contains a vulnerability where arbitrary commands may be executed when it receives request messages from unexpected hosts in the network. Impact Malicious users can exploit this vulnerability to execute arbitrary commands by sending request messages from an unexpected host...
Arbitrary Commands Execution Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview The JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability where arbitrary commands may be executed when they receive request messages from unexpected hosts in the network. Impact Malicious users can exploit this vulnerability to execute...
Multiple vulnerabilities in Java bundled with Hitachi JP1/Cm2/Network Node Manager i
Overview The Java bundled with Hitachi JP1/Cm2/Network Node Manager i contains multiple vulnerabilities. Impact Malicious remote users can exploit this vulnerability to disrupt services, disclose configuration data or execute arbitrary script. Solution Please refer to the 'Vendor Information'...
Multiple vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i
Overview Hitachi JP1/Cm2/Network Node Manager i contains multiple vulnerabilities. Impact Malicious remote users can exploit this vulnerability to disrupt services, disclose configuration data or execute arbitrary script. Solution Please refer to the 'Vendor Information' section for the official...
D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
Overview DES-3810 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
Overview DWL-2100AP provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
SEIL Series routers vulnerable to buffer overflow
Overview SEIL Series routers contain a buffer overflow vulnerability. The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages. Impact An attacker may execute arbitrary code on the...
SEIL Series routers vulnerable in RADIUS authentication
Overview SEIL Series routers contain a vulnerability in RADIUS authentication. The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated...
JVN#43152129: SEIL Series routers vulnerable to buffer overflow
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages. Impact An attacker may execute arbitrary code on the vulnerable system. Solution Update the Firmware Apply the appropriate...
JVN#70245052: D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
DES-3810 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Impact A user who can log in with SSH may cause the product to stop responding. Solution Update the Firmware Update the firmware to version R2.20.011 or later according to...
JVN#40079308: SEIL Series routers vulnerable in RADIUS authentication
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated random numbers being easily predicted. Impact An attacker who can intercept...
JVN#03082733: D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
DWL-2100AP provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Impact A user who can log in with SSH may cause the product to reboot. Solution Update the Firmware Update the firmware to version R252JP-RC572 or later according to the...
Internet Explorer vulnerable to arbitrary code execution
Overview Internet Explorer contains a vulnerability that may allow arbitrary code execution. According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited. Impact If a user views a specially crafted web page, arbitrary code may be...
Multiple broadband routers may behave as open resolvers
Overview Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server and responds to any recursive DNS queries it receives is referred to as an open resolver. Multiple broadband routers may contain an issue where they may...
JVN#27443259: Internet Explorer vulnerable to arbitrary code execution
Internet Explorer contains a vulnerability that may allow arbitrary code execution. According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited. Impact If a user views a specially crafted web page, arbitrary code may be executed...
JVN#62507275: Multiple broadband routers may behave as open resolvers
A device that runs as a DNS cache server and responds to any recursive DNS queries it receives is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. Impact The device may be used in a DNS amplification attack and...
ChamaCargo vulnerable to cross-site scripting
Overview ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Koki Takahashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
JVN#77455005: ChamaCargo vulnerable to cross-site scripting
ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided b...
Opera vulnerable to cross-site scripting
Overview Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided ...
JVN#01094166: Opera vulnerable to cross-site scripting
Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the...
Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page. Motoki Nishio of VALTES CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#53014207: Cybozu Office vulnerable to cross-site scripting
Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page. Impact An arbitrary script may be executed on the web browser of a user who is logged in. Solution Update the software Update to the latest version according to th...
Apache Struts vulnerable to remote command execution
Overview Apache Struts contains a remote command execution vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the...
VMware ESX and ESXi vulnerable to buffer overflow
Overview VMware ESX and ESXi contain a buffer overflow vulnerability. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may cause a denial-of-service (DoS) or execute...
VMware ESX and ESXi vulnerable to directory traversal
Overview VMware ESX and ESXi contain a directory traversal vulnerability. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may delete arbitrary files on the host operati...
JVN#72911629: VMware ESX and ESXi vulnerable to directory traversal
VMware ESX and ESXi contain a directory traversal vulnerability. Impact A remote attacker may delete arbitrary files on the host operating system. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...
JVN#33504150: Apache Struts vulnerable to remote command execution
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the developer published as S2-016 on July 16, 2013. Note that attacks leveraging...
JVN#19847770: VMware ESX and ESXi vulnerable to buffer overflow
VMware ESX and ESXi contain a buffer overflow vulnerability. Impact A remote attacker may cause a denial-of-service (DoS) or execute arbitrary code. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...
EC-CUBE vulnerable to directory traversal when used in Windows
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#15973066: EC-CUBE vulnerable to directory traversal when used in Windows
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply the update or patch Apply the update or patch accordin...
PHP OpenID Library vulnerable to XML external entity injection
Overview The PHP OpenID Library contains an XML external entity injection vulnerability. Takeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection
The PHP OpenID Library contains an XML external entity injection vulnerability. Impact When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively. Solution Apply a Patch The source code in the repository has been fixed...
Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
Overview Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense Kobe Digital Labo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Yafuoku! contains an issue where it fails to verify SSL server certificates
Overview Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense Kobe Digital Labo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#75084836: Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...
JVN#68156832: Yafuoku! contains an issue where it fails to verify SSL server certificates
Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the informati...
Cybozu Mailwise vulnerable to information disclosure
Overview Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field. Impact Contents of an email may be obtained by a user that does not have privileges to access that original email. Solution Update the Software Update to the latest version according...
JVN#21103639: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field. Impact Contents of an email may be obtained by a user that does not have privileges to access that original email. Solution Update the Software Update to the latest version according to the...
docomo overseas usage application vulnerability in the connection process
Overview docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user informatio...