5625 matches found
VMware ESX and ESXi vulnerable to buffer overflow
Overview VMware ESX and ESXi contains a buffer overflow vulnerability. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may cause a denial-of-service DoS or execute...
VMware ESX and ESXi vulnerable to directory traversal
Overview VMware ESX and ESXi contains a directory traversal vulnerability. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may delete arbitrary files on the host operati...
JVN#33504150: Apache Struts vulnerable to remote command execution
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the developer published as S2-016 on July 16, 2013 Note that attacks leveraging...
JVN#72911629: VMware ESX and ESXi vulnerable to directory traversal
VMware ESX and ESXi contains a directory traversal vulnerability. Impact A remote attacker may delete arbitrary files on the host operating system. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...
JVN#19847770: VMware ESX and ESXi vulnerable to buffer overflow
VMware ESX and ESXi contains a buffer overflow vulnerability. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...
EC-CUBE vulnerable to directory traversal when used in Windows
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#15973066: EC-CUBE vulnerable to directory traversal when used in Windows
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply the update or patch Apply the update or patch accordin...
PHP OpenID Library vulnerable to XML external entity injection
Overview The PHP OpenID Library contains an XML external entity injection vulnerability. Takeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection
The PHP OpenID Library contains an XML external entity injection vulnerability. Impact When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively. Solution Apply a Patch The source code in the repository has been fixed...
Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
Overview Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense Kobe Digital Labo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Yafuoku! contains an issue where it fails to verify SSL server certificates
Overview Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense Kobe Digital Labo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#68156832: Yafuoku! contains an issue where it fails to verify SSL server certificates
Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the informati...
JVN#75084836: Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...
Cybozu Mailwise vulnerable to information disclosure
Overview Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field. Impact Contents of an email may be obtained by a user that does not have privileges to access that original email. Solution Update the Software Update to the latest version according...
JVN#21103639: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field. Impact Contents of an email may be obtained by a user that does not have privileges to access that original email. Solution Update the Software Update to the latest version according to the...
docomo overseas usage application vulnerability in the connection process
Overview docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user informatio...
JVN#44035194: docomo overseas usage application vulnerability in the connection process
docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user information. Soluti...
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
Overview JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability. Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#00065218: JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability. Impact Users without administrative privileges may obtain administrative privileges. Solution Update the software Update to the latest version according to the...
WordPress vulnerable to cross-site scripting
Overview WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...
JVN#25280162: WordPress vulnerable to cross-site scripting
WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected...
Oracle Enterprise Manager vulnerable to cross-site scripting
Overview Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability. Masashi Shiraishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on t...
JVN#26103805: Oracle Enterprise Manager vulnerable to cross-site scripting
Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...
JBoss RichFaces vulnerable to remote code execution
Overview JBoss RichFaces contains a remote code execution vulnerability due to an issue with deserialization. JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interfa...
JVN#38787103: JBoss RichFaces vulnerable to remote code execution
JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interface may deserialize untrusted data, which may lead to arbitrary code execution. Impact When specially crafted...
Oracle Outside In vulnerable to denial-of-service (DoS)
Overview Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service DoS vulnerability. Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Oracle Outside In vulnerable to buffer overflow
Overview Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#68663052: Oracle Outside In vulnerable to denial-of-service (DoS)
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service DoS vulnerability. Impact When Oracle Outside In processes a specially crafted Hangul Word Processor file, the process may hang. Solution Apply an update Update to the latest version...
JVN#07497769: Oracle Outside In vulnerable to buffer overflow
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Impact When Oracle Outside In processes a specially crafted Ichitaro Word Processor file, arbitrary code may be executed. Solution Apply an update Update to the latest version...
Cybozu Office session management vulnerability
Overview Cybozu Office is a groupware. Cybozu Office contains a vulnerability in session management. Ooi Keita reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A third-party that obtains the URL for a login m...
JVN#19491840: Cybozu Office session management vulnerability
Cybozu Office is a groupware. Cybozu Office contains a vulnerability in session management. Impact A third-party that obtains the URL for a login may impersonate a user and access the product. As a result information may be altered or disclosed. Solution Update the software Update to the latest...
AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
Overview AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service DoS. Ayako Matsuda of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
JVN#68773685: AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service DoS. Impact Network functions may be disabled by a remote attacker. Solution Update the Firmware Update to the latest version of firmware according to the information provided by the...
POST-MAIL vulnerable to cross-site scripting
Overview POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. and Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to...
CLIP-MAIL vulnerable to cross-site scripting
Overview CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
EC-CUBE vulnerable to directory traversal
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. LOCKON CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Ren Hirasawa of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Daiki Ishimori of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
EC-CUBE vulnerable to code injection
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
EC-CUBE vulnerable to directory traversal
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#43886811: EC-CUBE vulnerable to directory traversal
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...
JVN#34900750: EC-CUBE vulnerable to code injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Apply the update or patch Apply the updat...
JVN#07192063: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...
JVN#98665228: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...
JVN#04161229: EC-CUBE vulnerable to directory traversal
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...
JVN#85804149: CLIP-MAIL vulnerable to cross-site scripting
CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...
JVN#26394323: POST-MAIL vulnerable to cross-site scripting
POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...
Cross-site Scripting Vulnerability in Hitachi Command Suite Products
Overview Hitachi Command Suite Products contains a cross-site scripting vulnerability. Impact A remote attackers could execute a malicious inserted script on a client which loads it. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
Vulnerability in JP1/HIBUN Advanced Edition Information Cypher Removable Media Encryption
Overview Removable media encrypted by JP1/HIBUN Advanced Edition Information Cypher contains a vulnerability. Impact The contents of the removable media encrypted by JP1/HIBUN Advanced Edition Information Cypher can be accessed through PCs installed with JP1/HIBUN Advanced Edition Information...
Cybozu Live for Android vulnerable in the WebView class
Overview Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...