JVN#44035194: docomo overseas usage application vulnerability in the connection process
docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user information. Soluti...
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
Overview JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability. Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#00065218: JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability. Impact Users without administrative privileges may obtain administrative privileges. Solution Update the software Update to the latest version according to the...
WordPress vulnerable to cross-site scripting
Overview WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...
JVN#25280162: WordPress vulnerable to cross-site scripting
WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected...
Oracle Enterprise Manager vulnerable to cross-site scripting
Overview Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability. Masashi Shiraishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on t...
JVN#26103805: Oracle Enterprise Manager vulnerable to cross-site scripting
Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...
JBoss RichFaces vulnerable to remote code execution
Overview JBoss RichFaces contains a remote code execution vulnerability due to an issue with deserialization. JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interfa...
JVN#38787103: JBoss RichFaces vulnerable to remote code execution
JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interface may deserialize untrusted data, which may lead to arbitrary code execution. Impact When specially crafted...
Oracle Outside In vulnerable to denial-of-service (DoS)
Overview Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability. Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Oracle Outside In vulnerable to buffer overflow
Overview Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#07497769: Oracle Outside In vulnerable to buffer overflow
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Impact When Oracle Outside In processes a specially crafted Ichitaro Word Processor file, arbitrary code may be executed. Solution Apply an update Update to the latest version...
JVN#68663052: Oracle Outside In vulnerable to denial-of-service (DoS)
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability. Impact When Oracle Outside In processes a specially crafted Hangul Word Processor file, the process may hang. Solution Apply an update Update to the latest version...
Cybozu Office session management vulnerability
Overview Cybozu Office is groupware. Cybozu Office contains a vulnerability in session management. Ooi Keita reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A third party that obtains the URL for a login m...
JVN#19491840: Cybozu Office session management vulnerability
Cybozu Office is groupware. Cybozu Office contains a vulnerability in session management. Impact A third party that obtains the URL for a login may impersonate a user and access the product. As a result, information may be altered or disclosed. Solution Update the software Update to the latest...
AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
Overview AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service (DoS). Ayako Matsuda of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
JVN#68773685: AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service (DoS). Impact Network functions may be disabled by a remote attacker. Solution Update the Firmware Update to the latest version of firmware according to the information provided by the...
POST-MAIL vulnerable to cross-site scripting
Overview POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. and Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to...
CLIP-MAIL vulnerable to cross-site scripting
Overview CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
EC-CUBE vulnerable to directory traversal
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. LOCKON CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Ren Hirasawa of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Daiki Ishimori of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
EC-CUBE vulnerable to code injection
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
EC-CUBE vulnerable to directory traversal
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#07192063: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...
JVN#34900750: EC-CUBE vulnerable to code injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Apply the update or patch Apply the updat...
JVN#98665228: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...
JVN#04161229: EC-CUBE vulnerable to directory traversal
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...
JVN#85804149: CLIP-MAIL vulnerable to cross-site scripting
CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...
JVN#43886811: EC-CUBE vulnerable to directory traversal
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...
JVN#26394323: POST-MAIL vulnerable to cross-site scripting
POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...
Cross-site Scripting Vulnerability in Hitachi Command Suite Products
Overview Hitachi Command Suite Products contain a cross-site scripting vulnerability. Impact A remote attacker could execute a malicious inserted script on a client which loads it. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
Vulnerability in JP1/HIBUN Advanced Edition Information Cypher Removable Media Encryption
Overview Removable media encrypted by JP1/HIBUN Advanced Edition Information Cypher contains a vulnerability. Impact The contents of the removable media encrypted by JP1/HIBUN Advanced Edition Information Cypher can be accessed through PCs installed with JP1/HIBUN Advanced Edition Information...
Cybozu Live for Android vulnerable in the WebView class
Overview Cybozu Live for Android is client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...
Cybozu Live for Android vulnerable to arbitrary Java method execution
Overview Cybozu Live for Android is client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Gaku Mochizuki of Mitsui Bussan Secure Directions,...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. Impact When a user opens a specially crafted file, an arbitra...
JVN#98712361: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the software Apply the appropriate update module...
JVN#63428218: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Impact When opening a specially crafted website, an attacker...
JVN#19740283: Cybozu Live for Android vulnerable in the WebView class
Cybozu Live for Android is client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Impact When there is a malicious file in the user's Android device,...
Orchard vulnerable to cross-site scripting
Overview Orchard is a content management system (CMS). Orchard contains a cross-site scripting vulnerability. Tatsuya Sekiguchi of Hitachi Systems, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#53622030: Orchard vulnerable to cross-site scripting
Orchard is a content management system (CMS). Orchard contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software or apply a patch Update to the latest version or apply the appropriate patch according to the...
Galapagos Browser vulnerable in the WebView class
Overview Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Angel Browser vulnerable in the WebView class
Overview Angel Browser is a web browser for Android devices. Angel Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#99813183: Galapagos Browser vulnerable in the WebView class
Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Do not use Galapagos...
JVN#79301570: Angel Browser vulnerable in the WebView class
Angel Browser is a web browser for Android devices. Angel Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Update to...
Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates
Overview Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates. Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
Internet Explorer vulnerable to information disclosure
Overview Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Isayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#63901692: Internet Explorer vulnerable to information disclosure
Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Impact If a user opens a specially crafted XML file as a local file, other local files may be disclosed. Solution Upgrade the software Users of Windows 7 and later, Windows Server 2008 R2 and...
JVN#39218538: Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates
Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the...
HP ProCurve 1700 series switches vulnerable to cross-site request forgery
Overview ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability. Darren Willis of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...