JVN#48108258: HP ProCurve 1700 series switches vulnerable to cross-site request forgery
ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, product settings may be changed. Solution Update the software Update to the latest version according to the information provided b...
Adobe Reader X vulnerable to sandbox bypass
Overview Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary...
Safari information disclosure vulnerability
Overview Safari contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
FileMaker Pro vulnerable to cross-site scripting
Overview FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the...
FileMaker Pro fails to verify SSL server certificates
Overview FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Upgrade the software Upgrade to t...
JVN#07354844: Safari information disclosure vulnerability
Safari contains an information disclosure vulnerability caused by the improper handling of XML files. Impact When opening a specially crafted XML file as a local file, the contents of another local file may be disclosed. Solution Update the software Update to the latest version according to t...
JVN#24560784: Adobe Reader X vulnerable to sandbox bypass
Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed. Impact An arbitrary process with arbitrary arguments may be executed with the privileges of the user. Solution Update the software and apply MS13-005 Update to the latest version of Adobe Reader X and make sure that...
JVN#53579095: FileMaker Pro vulnerable to cross-site scripting
FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the informatio...
JVN#85812843: FileMaker Pro fails to verify SSL server certificates
FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Upgrade the software Upgrade to the latest...
Content Provider in MovatwiTouch fails to restrict access permissions
Overview MovatwiTouch is a Twitter client application for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted. Masata Nishida of Advanced Research Laboratory, SecureBrain Corporation reported this vulnerability to IPA. JPCERT/CC...
Sleipnir Mobile for Android vulnerable to address bar spoofing
Overview Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
JVN#22756333: Sleipnir Mobile for Android vulnerable to address bar spoofing
Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest...
JVN#90289505: Content Provider in MovatwiTouch fails to restrict access permissions
MovatwiTouch is a Twitter client application for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted. Impact If a user of the affected product uses another malicious Android application, authorization information granted to MovatwiTouch...
Yahoo! Browser vulnerable to address bar spoofing
Overview Yahoo! Browser contains an issue in displaying URLs, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#31817913: Yahoo! Browser vulnerable to address bar spoofing
Yahoo! Browser contains an issue in displaying URLs, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update...
Arbitrary Commands Execution Vulnerability in JP1/Integrated Management - TELstaff Alarm View
Overview JP1/Integrated Management - TELstaff Alarm View contains a vulnerability where arbitrary commands may be executed with administrator privilege. Impact A remote user could execute arbitrary commands with administrator privilege by sending an unexpected and crafted message. Solution Please...
EC-CUBE vulnerable to information disclosure as a result of improper input checking
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. LOCKON CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
EC-CUBE fails to restrict access permissions
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
EC-CUBE vulnerable to session fixation
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with th...
JVN#45306814: EC-CUBE fails to restrict access permissions
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted. Impact A remote, unauthenticated attacker may access the management screen. Solution Apply th...
JVN#00985872: EC-CUBE vulnerable to session fixation
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability. Impact A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. Solution Apply the update or patch Apply...
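The advisory above names the vulnerability class but not the mechanism. The following is an added illustration of session fixation in general, written for this page; it is not EC-CUBE code and says nothing about where the defect was in that product. The session store, the login handlers and the attacker model are all constructed here. The vulnerable login keeps whatever session ID the client presents and merely marks it authenticated, so an attacker who obtains a valid ID from the server and plants it in the victim's browser ends up holding an authenticated session; the hardened login discards the presented ID and issues a fresh one at authentication time.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (constructed for this example)."""

    def __init__(self):
        self.sessions = {}  # session id -> {"user": username or None}

    def new_session(self):
        # Server-generated, unguessable id (32 bytes from the OS CSPRNG).
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, presented_sid, username):
    """Fixation-prone flow: the id the client presented (which an attacker may
    have planted via a crafted link or cookie) is kept and marked authenticated."""
    session = store.get(presented_sid)
    if session is None:
        # Unknown id: fall back to a fresh session, as a real app would.
        presented_sid = store.new_session()
        session = store.get(presented_sid)
    session["user"] = username
    return presented_sid


def login_fixed(store, presented_sid, username):
    """Hardened flow: whatever id arrived with the login request is discarded
    and a new server-chosen id is bound to the authenticated state. The
    attacker's planted id is never authenticated."""
    if presented_sid in store.sessions:
        del store.sessions[presented_sid]
    fresh_sid = store.new_session()
    store.get(fresh_sid)["user"] = username
    return fresh_sid


def fixation_succeeds(login):
    """Attacker model: obtain a legitimate anonymous session id from the
    server, plant it in the victim's browser, wait for the victim to log in,
    then present the same id. Returns True if that id is now the victim's."""
    store = SessionStore()
    planted = store.new_session()          # attacker gets a real, valid id
    login(store, planted, "victim")        # victim logs in with the planted id
    hijacked = store.get(planted)          # attacker presents the planted id
    return hijacked is not None and hijacked["user"] == "victim"


if __name__ == "__main__":
    print("vulnerable login hijacked:", fixation_succeeds(login_vulnerable))  # True
    print("fixed login hijacked:    ", fixation_succeeds(login_fixed))       # False
```

The only difference between the two handlers is the regeneration step; everything else (unguessable IDs, server-side storage) is already in place in both, which is why strong ID generation alone does not prevent fixation.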
JVN#39699406: EC-CUBE vulnerable to information disclosure as a result of improper input checking
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. Impact A remote, unauthenticated attacker may obtain information stored in the product. Solution Apply the update...
JVN#52552792: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Impact When a user accesses a specially crafted URL while there is an item in the shopping cart, a...
Cross-site Scripting Vulnerability in JP1/Automatic Operation
Overview JP1/Automatic Operation contains a cross-site scripting vulnerability. Impact A remote attacker could cause a malicious script to be executed in a user's web browser. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Cross-site scripting vulnerability in the web2py social bookmarking widget
Overview web2py is a framework for creating and designing web applications. The social bookmarking widget share.js in web2py contains a cross-site scripting vulnerability. Yuji Kosuga of Everforth Co., Ltd...
JVN#10461119: Cross-site scripting vulnerability in the web2py social bookmarking widget
web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability. Impact A user who accesses a site created by web2py which uses share.js may have an arbitrary script executed in their web browser. Solution Upda...
Wi-Fi Spot Configuration Software vulnerability in the connection process
Overview Wi-Fi Spot Configuration Software provided by SoftBank contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#85371480: Wi-Fi Spot Configuration Software vulnerability in the connection process
Wi-Fi Spot Configuration Software provided by SoftBank contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user information. Solution...
OpenPNE vulnerable to cross-site scripting
Overview The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#18501376: OpenPNE vulnerable to cross-site scripting
The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an...
Online Service Gate vulnerable in Office 365 password management
Overview Online Service Gate contains a vulnerability in Office 365 password management. Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are...
JVN#61972596: Online Service Gate vulnerable in Office 365 password management
Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper...
Yahoo! Browser vulnerable to address bar spoofing
Overview Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact This...
jigbrowser+ for Android vulnerable to address bar spoofing
Overview jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Th...
JVN#55074201: Yahoo! Browser vulnerable to address bar spoofing
Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version according...
JVN#01313594: jigbrowser+ for Android vulnerable to address bar spoofing
jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version...
Buffer Overflow Vulnerability in Hitachi IT Operations Director
Overview The Hitachi IT Operations Director Agent installed on client PCs contains a buffer overflow vulnerability. Impact A remote attacker could execute arbitrary code with system privileges. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Multiple Cybozu products vulnerable to cross-site request forgery
Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user accesses a specially crafted URL while logged in, user passwords or administrator passwords may be altered. Solution Update the Software Update to the latest version according to the information...
JVN#06251813: Multiple Cybozu products vulnerable to cross-site request forgery
Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user accesses a specially crafted URL while logged in, user passwords or administrator passwords may be altered. Solution Update the Software Update to the latest version according to the information provided...
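Two entries on this page (the HP ProCurve 1700 switches and the Cybozu products) describe the same class of defect: a state-changing request is authenticated by the session cookie alone, so a page the user merely views while logged in can submit it, because the browser attaches the cookie automatically. The following is an added, generic illustration of that pattern and of the standard fix; it is not code from either vendor and does not describe the specific defect in either product. The handler names, the `groupware.example` site origin and the request/session structures are all assumptions constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Session cookie value -> session state (constructed in-memory store).
SESSIONS = {}


def create_session(user):
    sid = secrets.token_urlsafe(32)
    # A per-session anti-CSRF token; pages on other origins cannot read it.
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "password": None}
    return sid


def change_password_vulnerable(cookies, form):
    """CSRF-prone handler: cookie present == request accepted. A form on an
    attacker's page posts here and the browser attaches the victim's cookie."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    session["password"] = form["new_password"]
    return 200


def same_origin(url_a, url_b):
    a, b = urlparse(url_a), urlparse(url_b)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def change_password_hardened(cookies, headers, form, site_origin="https://groupware.example"):
    """Hardened handler: requires the per-session synchronizer token in the
    form body, compared in constant time, and (defence in depth) an
    Origin/Referer header that matches the site's own origin."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return 403  # missing or wrong token: cross-site form submission
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None or not same_origin(origin, site_origin):
        return 403  # request did not originate from our own pages
    session["password"] = form["new_password"]
    return 200


def simulate():
    """Replays a forged cross-site request and a legitimate same-site request
    against both handlers; returns the HTTP status each produced."""
    sid = create_session("alice")
    cookies = {"sid": sid}  # the browser sends this on every request either way
    forged_form = {"new_password": "attacker-chosen"}
    forged_headers = {"Origin": "https://evil.example"}
    legit_form = {"new_password": "user-chosen", "csrf_token": SESSIONS[sid]["csrf"]}
    legit_headers = {"Origin": "https://groupware.example"}
    return {
        "vulnerable_forged": change_password_vulnerable(cookies, forged_form),
        "hardened_forged": change_password_hardened(cookies, forged_headers, forged_form),
        "hardened_legit": change_password_hardened(cookies, legit_headers, legit_form),
        "password_after": SESSIONS[sid]["password"],
    }


if __name__ == "__main__":
    print(simulate())  # vulnerable_forged 200, hardened_forged 403, hardened_legit 200
```

Note that the token check alone is sufficient when the token is unreadable cross-origin; the Origin/Referer check is kept as a second layer because the two checks fail independently (a token leak via XSS does not also let the attacker forge the Origin header).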
Sleipnir Mobile for Android loads arbitrary Extension API
Overview Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API. Sleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API. Keita Haga of...
JVN#02895867: Sleipnir Mobile for Android loads arbitrary Extension API
Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API. Sleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API. Impact If a user access...
Sleipnir for Windows vulnerable to address bar spoofing
Overview Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
JVN#65034198: Sleipnir for Windows vulnerable to address bar spoofing
Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Impact A user may be misled into believing that a website is using SSL for its communications when it is not. Solution Update the...
Active! mail vulnerable to information disclosure
Overview Active! mail provided by TransWARE is webmail software. Active! mail contains an information disclosure vulnerability. Mitsuru Ogino of Sugiyama Jogakuen reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#04288738: Active! mail vulnerable to information disclosure
Active! mail provided by TransWARE is webmail software. Active! mail contains an information disclosure vulnerability. Impact If the "external public interface" is enabled, an attacker who can log into the server may obtain users' credentials. Solution Restrict log-in to the server Allow...
OpenWnn for Android vulnerable to information disclosure
Overview OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor (IME). OpenWnn for Android contains an issue in the access permissions for certain files. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#01167429: OpenWnn for Android vulnerable to information disclosure
OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor (IME). OpenWnn for Android contains an issue in the access permissions for certain files. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may...
Lotus Domino vulnerable to denial-of-service (DoS)
Overview Lotus Domino provided by IBM contains a denial-of-service (DoS) vulnerability due to an issue in processing HTTP requests. Ryouichi Ozawa of Oki Electric Industry Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#51305555: Lotus Domino vulnerable to denial-of-service (DoS)
Lotus Domino contains a denial-of-service (DoS) vulnerability due to an issue in processing HTTP requests. Impact A remote attacker may cause the Domino service to crash. Solution Update the software Update to the latest version according to the information provided by the developer. Products...