5625 matches found
jigbrowser+ for Android vulnerable to address bar spoofing
Overview jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Th...
JVN#01313594: jigbrowser+ for Android vulnerable to address bar spoofing
jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version...
JVN#55074201: Yahoo! Browser vulnerable to address bar spoofing
Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version according...
Buffer Overflow Vulnerability in Hitachi IT Operations Director
Overview Hitachi IT Operation Director Agent in client PC contains a buffer overflow vulnerability. Impact A remote attacker could execute arbitrary code with system privileges. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Multiple Cybozu products vulnerable to cross-site request forgery
Overview Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user accesses a specially crafted URL while logged in, user passwords or administrator passwords may be altered. Solution Update the Software Update to the latest version according to the information...
JVN#06251813: Multiple Cybozu products vulnerable to cross-site request forgery
Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user accesses a specially crafted URL while logged in, user passwords or administrator passwords may be altered. Solution Update the Software Update to the latest version according to the information provided...
Sleipnir Mobile for Android loads arbitrary Extension API
Overview Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API. Sleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API. Keita Haga of...
JVN#02895867: Sleipnir Mobile for Android loads arbitrary Extension API
Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API. Sleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API. Impact If a user access...
Sleipnir for Windows vulnerable to address bar spoofing
Overview Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
JVN#65034198: Sleipnir for Windows vulnerable to address bar spoofing
Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Impact A user may misinterpret that the website is using the SSL for communications even when the site is not using SSL. Solution Update the...
Active! mail vulnerable to information disclosure
Overview Active! mail contains an information disclosure vulnerability. Active! mail provided by TransWARE is a webmail software. Active! mail contains an information disclosure vulnerability. Mitsuru Ogino of Sugiyama Jogakuen reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#04288738: Active! mail vulnerable to information disclosure
Active! mail provided by TransWARE is a webmail software. Active! mail contains an information disclosure vulnerability. Impact If the "external public interface" is enabled, an attacker who can log into the server may obtain users credentials. Solution Restrict log-in to the server Allow...
OpenWnn for Android vulnerable to information disclosure
Overview OpenWnn for Android contains an issue in the access permissions for certain files. OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor IME. OpenWnn for Android contains an issue in the access permissions for certain files. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#01167429: OpenWnn for Android vulnerable to information disclosure
OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor IME. OpenWnn for Android contains an issue in the access permissions for certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may...
Lotus Domino vulnerable to denial-of-service (DoS)
Overview Lotus Domino provided by IBM contains a denial-of-service DoS vulnerability. Lotus Domino contains a denial-of-service DoS vulnerability due to an issue in processing HTTP requests. Ryouichi Ozawa of Oki Electric Industry Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#51305555: Lotus Domino vulnerable to denial-of-service (DoS)
Lotus Domino contains a denial-of-service DoS vulnerability due to an issue in processing HTTP requests. Impact A remote attacker may cause the Domino service to crash. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
COBIME vulnerable to information disclosure
Overview COBIME contains an issue in the access permissions for the certain files. COBIME is a Japanese Input Method Editor IME for Android devices. COBIME contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android...
OpenWnn/Flick support vulnerable to information disclosure
Overview OpenWnn/Flick support contains an issue in the access permissions for the certain files. OpenWnn/Flick support is a Japanese Input Method Editor IME for Android devices. OpenWnn/Flick support contains an issue in the access permissions for the certain files. Impact If a user of the...
Simeji vulnerable to information disclosure
Overview Simeji contains an issue in the access permissions for the certain files. Simeji is a Japanese Input Method Editor IME for Android devices. Simeji contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
ArtIME Japanese Input vulnerable to information disclosure
Overview ArtIME Japanese Input contains an issue in the access permissions for the certain files. ArtIME Japanese Input is a Japanese Input Method Editor IME for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Buss...
JVN#77360971: Simeji vulnerable to information disclosure
Simeji is a Japanese Input Method Editor IME for Android devices. Simeji contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...
JVN#11249169: COBIME vulnerable to information disclosure
COBIME is a Japanese Input Method Editor IME for Android devices. COBIME contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...
JVN#11434157: OpenWnn/Flick support vulnerable to information disclosure
OpenWnn/Flick support is a Japanese Input Method Editor IME for Android devices. OpenWnn/Flick support contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product...
JVN#80922020: ArtIME Japanese Input vulnerable to information disclosure
ArtIME Japanese Input is a Japanese Input Method Editor IME for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product...
Multiple NEC mobile routers vulnerable to cross-site request forgery
Overview Multiple mobile routers provided by NEC contain a cross-site request forgery vulnerability. Multiple mobile routers provided by NEC contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Sen UENO of Tricorder Co. Ltd., Hiroshi Kumagai a...
JVN#59503133: Multiple NEC mobile routers vulnerable to cross-site request forgery
Multiple mobile routers provided by NEC contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If a user views a malicious page while logged in, settings of the product may be initialized, or the product may be rebooted. Solution Update t...
VxWorks Web Server vulnerable to denial-of-service (DoS)
Overview The VxWorks Web Server contains a denial-of-service vulnerability. The VxWorks Web Server contains a denial-of-service DoS vulnerability. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
VxWorks WebCLI vulnerable to denial-of-service (DoS)
Overview The VxWorks WebCLI contains a denial-of-service DoS vulnerability. The VxWorks WebCLI contains a denial-of-service DoS vulnerability due to an issue in parsing command strings. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Hisashi Kojima and Masahiro Nakada of...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in processing authentication requests. Hisashi Kojima and Masahiro Nakada of Fujits...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima...
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories...
JVN#45545972: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in processing authentication requests. Impact SSH access may become unavailable until the next reboot as a result of processing an authentication request. Solution Apply a patch Apply the...
JVN#65923092: VxWorks WebCLI vulnerable to denial-of-service (DoS)
The VxWorks WebCLI contains a denial-of-service DoS vulnerability due to an issue in parsing command strings. Impact An attacker that can login to a CLI session may cause the current CLI session to crash. Solution Apply a patch Apply the appropriate patch according to the information provided by...
JVN#01611135: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Impact SSH access may become unavailable until the next reboot when receiving a specially crafted packet after a SSH...
JVN#52492830: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Impact Receiving a specially crafted pty request packet may cause SSH access to be unavailable until the next reboot. Solution Apply a patch Apply the appropriate...
JVN#41022517: VxWorks Web Server vulnerable to denial-of-service (DoS)
The VxWorks Web Server contains a denial-of-service DoS vulnerability. Impact When a user accesses the VxWorks Web Server using a specially crafted URL, the server may crash. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affect...
JVN#20671901: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Impact Recieiving a specially crafted packet for a public key authentication request may cause the server to hang and SSH access to be unavailab...
Multiple Cisco products vulnerable to denial-of-service (DoS)
Overview The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#05132866: Multiple Cisco products vulnerable to denial-of-service (DoS)
The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected ...
Kingsoft Writer vulnerable to buffer overflow
Overview Kingsoft Writer contains a buffer overflow vulnerability. Kingsoft Writer is a software to edit document files. Kingsoft Writer contains a buffer overflow vulnerability. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#55924624: Kingsoft Writer vulnerable to buffer overflow
Kingsoft Writer is a software to edit document files. Kingsoft Writer contains a buffer overflow vulnerability. Impact When opening a specially crafted document, an arbitrary code may be executed. Solution Update the software Update to the latest version according to the information provided by t...
dopvSTAR* vulnerable to cross-site scripting
Overview dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
dopvCOMET* vulnerable to cross-site scripting
Overview dopvCOMET provided by bayashi.net is a software to analyze web access logs. dopvCOMET contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#36339873: dopvSTAR* vulnerable to cross-site scripting
dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Modify the JavaScript Modify the JavaScript that enables to log accesses, according to...
JVN#64756004: dopvCOMET* vulnerable to cross-site scripting
dopvCOMET provided by bayashi.net is a software to analyze web access logs. dopvCOMET contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Modify the JavaScript Modify the JavaScript that enables to log accesses, according t...
Multiple JustSystems products vulnerable to arbitrary code execution
Overview Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution. For more information, refer to the information provided by the developer. Impact Opening a file may cause arbitrary code to be executed with the privilege of the running...
JVN#16817324: Multiple JustSystems products vulnerable to arbitrary code execution
Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution. For more information, refer to the information provided by the developer. Impact Opening a file may cause arbitrary code to be executed with the privilege of the running...
Multiple vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management
Overview Hitachi Tuning Manager, JP1/Performance Management - Web Console, and JP1/Performance Management - Manager Web Option contain Cross-site scripting and cross-site request forgery CSRF vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products. Impact A...
NEC Universal RAID Utility fails to restrict access permissions
Overview NEC Universal RAID Utility contains an issue where access permissions are not restricted. NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted. SAKURA Internet Inc. reported this...