5625 matches found
Cybozu Live for Android vulnerable to arbitrary Java method execution
Overview Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Gaku Mochizuki of Mitsui Bussan Secure Directions,...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. Impact When a user opens a specially crafted file, an arbitra...
JVN#63428218: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Impact When opening a specially crafted website, an attacker...
JVN#19740283: Cybozu Live for Android vulnerable in the WebView class
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Impact When there is a malicious file in the user's Android device,...
JVN#98712361: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, an arbitrary code may be executed. Solution Update the software Apply the appropriate update module...
Orchard vulnerable to cross-site scripting
Overview Orchard is a content management system CMS. Orchard contains a cross-site scripting vulnerability. Tatsuya Sekiguchi of Hitachi Systems, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#53622030: Orchard vulnerable to cross-site scripting
Orchard is a content management system CMS. Orchard contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software or apply a patch Update to the latest version or apply the appropriate patch according to the...
Galapagos Browser vulnerable in the WebView class
Overview Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Angel Browser vulnerable in the WebView class
Overview Angel Browser is a web browser for Android devices. Angel Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#79301570: Angel Browser vulnerable in the WebView class
Angel Browser is a web browser for Android devices. Angel Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Update to...
JVN#99813183: Galapagos Browser vulnerable in the WebView class
Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Do not use Galapagos...
Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates
Overview Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates. Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
Internet Explorer vulnerable to information disclosure
Overview Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Isayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#63901692: Internet Explorer vulnerable to information disclosure
Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Impact If a user opens a specially crafted XML file as a local file, other local files may be disclosed. Solution Upgrade the software Users of Windows 7 and later, Windows Server 2008 R2 and...
JVN#39218538: Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates
Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the...
HP ProCurve 1700 series switches vulnerable to cross-site request forgery
Overview ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability. Darren Willis of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#48108258: HP ProCurve 1700 series switches vulnerable to cross-site request forgery
ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, product settings may be changed. Solution Update the software Update to the latest version according to the information provided b...
Adobe Reader X vulnerable to sandbox bypass
Overview Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary...
Safari information disclosure vulnerability
Overview Safari contains an information disclosure vulnerability caused the by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
FileMaker Pro vulnerable to cross-site scripting
Overview FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the...
FileMaker Pro fails to verify SSL server certificates
Overview FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. Impact A man-in-the-minddle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Upgrade the software Upgrade to t...
JVN#85812843: FileMaker Pro fails to verify SSL server certificates
FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Upgrade the software Upgrade to the latest...
JVN#24560784: Adobe Reader X vulnerable to sandbox bypass
Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed. Impact Arbitrary process using arbitrary arguments may be executed with the privileges of the user. Solution Update the software and apply MS13-005 Update to the latest version of Adobe Reader X and make sure that...
JVN#53579095: FileMaker Pro vulnerable to cross-site scripting
FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the informatio...
JVN#07354844: Safari information disclosure vulnerability
Safari contains an information disclosure vulnerability caused the by the improper handling of XML files. Impact When opening a specially crafted XML file as a local file, the contents of another local file may be disclosed. Solution Update the software Update to the latest version according to t...
Content Provider in MovatwiTouch fails to restrict access permissions
Overview MovatwiTouch is a Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted. Masata Nishida of Advanced Research Laboratory, SecureBrain Corporation reported this vulnerability to IPA. JPCERT/CC...
Sleipnir Mobile for Android vulnerable to address bar spoofing
Overview Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
JVN#22756333: Sleipnir Mobile for Android vulnerable to address bar spoofing
Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest...
JVN#90289505: Content Provider in MovatwiTouch fails to restrict access permissions
MovatwiTouch is a Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted. Impact If a user of the affected product uses another malicious Android application, authorization information granted to MovatwiTouch...
Yahoo! Browser vulnerable to address bar spoofing
Overview Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#31817913: Yahoo! Browser vulnerable to address bar spoofing
Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update...
Arbitrary Commands Execution Vulnerability in JP1/Integrated Management - TELstaff Alarm View
Overview JP1/Integrated Management - TELstaff Alarm View contains a vulnerability where arbitrary commands may be executed with administrator privilege. Impact A remote user could execute arbitrary commands with administrator privilege by sending an unexpected and crafted message. Solution Please...
EC-CUBE vulnerable to information disclosure as a result of improper input checking
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. LOCKON CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
EC-CUBE fails to restrict access permissions
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
EC-CUBE vulnerable to session fixation
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with th...
JVN#39699406: EC-CUBE vulnerable to information disclosure as a result of improper input checking
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. Impact A remote, unauthenticated attacker may obtain information stored in the product. Solution Apply the update...
JVN#52552792: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Impact When a user accesses a specially crafted URL while there is an item in the shopping cart, a...
JVN#00985872: EC-CUBE vulnerable to session fixation
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability. Impact A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. Solution Apply the update or patch Apply...
JVN#45306814: EC-CUBE fails to restrict access permissions
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted. Impact A remote, unauthenticated attacker may access the management screen. Solution Apply th...
Cross-site Scripting Vulnerability in JP1/Automatic Operation
Overview JP1/Automatic Operation contains a cross-site scripting vulnerability. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Cross-site scripting vulnerability in the web2py social bookmarking widget
Overview The social bookmarking widget share.js in web2py contains a cross-site scripting vulnerability. web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability. Yuji Kosuga of Everforth Co., Ltd...
JVN#10461119: Cross-site scripting vulnerability in the web2py social bookmarking widget
web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability. Impact A user who accesses a site created by web2py which uses share.js may have an arbitrary script executed on its web browser. Solution Upda...
Wi-Fi Spot Configuration Software vulnerability in the connection process
Overview Wi-Fi Spot Configuration Software provided by SoftBank contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#85371480: Wi-Fi Spot Configuration Software vulnerability in the connection process
Wi-Fi Spot Configuration Software provided by SoftBank contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user information. Solution...
OpenPNE vulnerable to cross-site scripting
Overview The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#18501376: OpenPNE vulnerable to cross-site scripting
The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an...
Online Service Gate vulnerable in Office 365 password management
Overview Online Service Gate contains a vulnerability in Office 365 password management. Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are...
JVN#61972596: Online Service Gate vulnerable in Office 365 password management
Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper...
Yahoo! Browser vulnerable to address bar spoofing
Overview Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact This...