5609 matches found
COBIME vulnerable to information disclosure
Overview COBIME contains an issue in the access permissions for the certain files. COBIME is a Japanese Input Method Editor IME for Android devices. COBIME contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android...
OpenWnn/Flick support vulnerable to information disclosure
Overview OpenWnn/Flick support contains an issue in the access permissions for the certain files. OpenWnn/Flick support is a Japanese Input Method Editor IME for Android devices. OpenWnn/Flick support contains an issue in the access permissions for the certain files. Impact If a user of the...
Simeji vulnerable to information disclosure
Overview Simeji contains an issue in the access permissions for the certain files. Simeji is a Japanese Input Method Editor IME for Android devices. Simeji contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
ArtIME Japanese Input vulnerable to information disclosure
Overview ArtIME Japanese Input contains an issue in the access permissions for the certain files. ArtIME Japanese Input is a Japanese Input Method Editor IME for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Buss...
JVN#11249169: COBIME vulnerable to information disclosure
COBIME is a Japanese Input Method Editor IME for Android devices. COBIME contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...
JVN#77360971: Simeji vulnerable to information disclosure
Simeji is a Japanese Input Method Editor IME for Android devices. Simeji contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...
JVN#80922020: ArtIME Japanese Input vulnerable to information disclosure
ArtIME Japanese Input is a Japanese Input Method Editor IME for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product...
JVN#11434157: OpenWnn/Flick support vulnerable to information disclosure
OpenWnn/Flick support is a Japanese Input Method Editor IME for Android devices. OpenWnn/Flick support contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product...
Multiple NEC mobile routers vulnerable to cross-site request forgery
Overview Multiple mobile routers provided by NEC contain a cross-site request forgery vulnerability. Multiple mobile routers provided by NEC contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Sen UENO of Tricorder Co. Ltd., Hiroshi Kumagai a...
JVN#59503133: Multiple NEC mobile routers vulnerable to cross-site request forgery
Multiple mobile routers provided by NEC contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If a user views a malicious page while logged in, settings of the product may be initialized, or the product may be rebooted. Solution Update t...
VxWorks Web Server vulnerable to denial-of-service (DoS)
Overview The VxWorks Web Server contains a denial-of-service vulnerability. The VxWorks Web Server contains a denial-of-service DoS vulnerability. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
VxWorks WebCLI vulnerable to denial-of-service (DoS)
Overview The VxWorks WebCLI contains a denial-of-service DoS vulnerability. The VxWorks WebCLI contains a denial-of-service DoS vulnerability due to an issue in parsing command strings. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Hisashi Kojima and Masahiro Nakada of...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in processing authentication requests. Hisashi Kojima and Masahiro Nakada of Fujits...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories...
JVN#01611135: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Impact SSH access may become unavailable until the next reboot when receiving a specially crafted packet after a SSH...
JVN#65923092: VxWorks WebCLI vulnerable to denial-of-service (DoS)
The VxWorks WebCLI contains a denial-of-service DoS vulnerability due to an issue in parsing command strings. Impact An attacker that can login to a CLI session may cause the current CLI session to crash. Solution Apply a patch Apply the appropriate patch according to the information provided by...
JVN#20671901: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Impact Recieiving a specially crafted packet for a public key authentication request may cause the server to hang and SSH access to be unavailab...
JVN#41022517: VxWorks Web Server vulnerable to denial-of-service (DoS)
The VxWorks Web Server contains a denial-of-service DoS vulnerability. Impact When a user accesses the VxWorks Web Server using a specially crafted URL, the server may crash. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affect...
JVN#52492830: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Impact Receiving a specially crafted pty request packet may cause SSH access to be unavailable until the next reboot. Solution Apply a patch Apply the appropriate...
JVN#45545972: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in processing authentication requests. Impact SSH access may become unavailable until the next reboot as a result of processing an authentication request. Solution Apply a patch Apply the...
Multiple Cisco products vulnerable to denial-of-service (DoS)
Overview The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#05132866: Multiple Cisco products vulnerable to denial-of-service (DoS)
The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected ...
Kingsoft Writer vulnerable to buffer overflow
Overview Kingsoft Writer contains a buffer overflow vulnerability. Kingsoft Writer is a software to edit document files. Kingsoft Writer contains a buffer overflow vulnerability. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#55924624: Kingsoft Writer vulnerable to buffer overflow
Kingsoft Writer is a software to edit document files. Kingsoft Writer contains a buffer overflow vulnerability. Impact When opening a specially crafted document, an arbitrary code may be executed. Solution Update the software Update to the latest version according to the information provided by t...
dopvSTAR* vulnerable to cross-site scripting
Overview dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
dopvCOMET* vulnerable to cross-site scripting
Overview dopvCOMET provided by bayashi.net is a software to analyze web access logs. dopvCOMET contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#64756004: dopvCOMET* vulnerable to cross-site scripting
dopvCOMET provided by bayashi.net is a software to analyze web access logs. dopvCOMET contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Modify the JavaScript Modify the JavaScript that enables to log accesses, according t...
JVN#36339873: dopvSTAR* vulnerable to cross-site scripting
dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Modify the JavaScript Modify the JavaScript that enables to log accesses, according to...
Multiple JustSystems products vulnerable to arbitrary code execution
Overview Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution. For more information, refer to the information provided by the developer. Impact Opening a file may cause arbitrary code to be executed with the privilege of the running...
JVN#16817324: Multiple JustSystems products vulnerable to arbitrary code execution
Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution. For more information, refer to the information provided by the developer. Impact Opening a file may cause arbitrary code to be executed with the privilege of the running...
Multiple vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management
Overview Hitachi Tuning Manager, JP1/Performance Management - Web Console, and JP1/Performance Management - Manager Web Option contain Cross-site scripting and cross-site request forgery CSRF vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products. Impact A...
NEC Universal RAID Utility fails to restrict access permissions
Overview NEC Universal RAID Utility contains an issue where access permissions are not restricted. NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted. SAKURA Internet Inc. reported this...
JVN#75585394: NEC Universal RAID Utility fails to restrict access permissions
NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted. Impact A remote unauthenticated attacker may conduct arbitrary operations against the HDD on the vulunerable RAID system. Solution Update...
3DM (3ware Disk Manager) vulnerable to directory traversal
Overview 3DM 3ware Disk Manager contains a directory traversal vulnerability. 3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. yamaguchi tsuyoshi of Digiplate.inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#02596643: 3DM (3ware Disk Manager) vulnerable to directory traversal
3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files. Solution Use 3DM2 The developer states that the development of 3DM is discontinued and there are no plans for 3DM to be modified. U...
GREE for Android vulnerable to directory traversal
Overview GREE for Android contains a directory traversal vulnerability. GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
imgboard vulnerable to cross-site scripting
Overview imgboard contains a cross-site scripting vulnerability. imgboard provided by imgboard.com CGI Download Center formerly 1998 t-club CGI Download Center is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability. Yuji Tounai of...
JVN#09223079: imgboard vulnerable to cross-site scripting
imgboard provided by imgboard.com CGI Download Center formerly 1998 t-club CGI Download Center is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
JVN#78601526: GREE for Android vulnerable to directory traversal
GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Updat...
Accela BizSearch Gateway Option for TeamWARE Spoofing Vulnerability
Overview Accela BizSearch Gateway Option for TeamWARE, when the TeamWARE Gateway and Single Sign-On are enabled, which allows remote attackers to spoof user accounts of TeamWARE Office under specified conditions. Impact A remote attacker could spoof user accounts of TeamWARE Office under specifie...
User Authentication Vulnerability in Operational Management Function of Cosminexus
Overview The operational management function of Cosminexus does not properly require authentication for manipulation of an operational management portal, which allows remote attackers to delete and replace applications which other users attached. Impact A remote attacker could delete and replace...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon contains an SQL injection vulnerability. Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
JVN#95863326: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser when the user is assigned the "logging" permission. Solution Update the Software Update to the latest version accordin...
JVN#07629635: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability. Impact A user with the "logging" permission may obtain information managed by the product. Solution Update the Software Update to the latest version according to the information provided by the...
mora Downloader may insecurely load executable files
Overview mora Downloader may use unsafe methods for determining how to load executables .exe mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku...
JVN#91387819: mora Downloader may insecurely load executable files
mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest version according to t...
Weathernews Touch for Android stores location information in the system log file
Overview Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the...