5609 matches found
JVN#86040029: Weathernews Touch for Android stores location information in the system log file
Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Impact Android applications with permissions to read system log files may obtain location information...
WebSphere Application Server (WAS) vulnerable to cross-site scripting
Overview WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability. WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in cross-site scripting. Eiji James Yoshida of Security Professionals Network Inc...
JVN#24343509: WebSphere Application Server (WAS) vulnerable to cross-site scripting
WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the develope...
myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
Overview myu-s and PHP WeblogSystem by netmania contain a cross-site scripting vulnerability. myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software...
JVN#99681273: myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest product released on Feb.16, 2012 or a fixed myu-s according to the...
Documents Pro (formerly Files HD) vulnerable to directory traversal
Overview Documents Pro provided by Olive Toast Software Ltd. contains a directory traversal vulnerability. Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a directory traversal vulnerability. Keigo Yamazaki of LAC Co., Ltd reported...
Documents Pro (formerly Files HD) vulnerable to cross-site scripting
Overview Documents Pro provided by Olive Toast Software Ltd. contains a cross-site scripting vulnerability. Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. report...
JVN#91881278: Documents Pro (formerly Files HD) vulnerable to cross-site scripting
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Impact When a user uses Documents Pro through a web browser, an arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#52197991: Documents Pro (formerly Files HD) vulnerable to directory traversal
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a directory traversal vulnerability. Impact A guest user may view, delete or perform other actions on files that it does not have privileges to. Solution Update the software Update to...
Cross-site Scripting Vulnerability in Collaboration - Bulletin board in Multiple Hitachi Products
Overview A cross-site scripting vulnerability has been found in Collaboration - Bulletin board in multiple Hitachi products. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...
concrete5 vulnerable to cross-site scripting
Overview concrete5 contains a cross-site scripting vulnerability. concrete5 is an open source content management system (CMS). concrete5 contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Loctouch for Android information management vulnerability
Overview Loctouch for Android contains an information management vulnerability. Loctouch, provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...
Loctouch for Android vulnerable in handling of implicit intents
Overview Loctouch for Android contains a vulnerability in the handling of implicit intents. Loctouch, provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#33159152: Loctouch for Android information management vulnerability
Loctouch, provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability. Impact Android applications with permission to read system log files may obtain log information stored by the product that is intended to be...
JVN#65458431: concrete5 vulnerable to cross-site scripting
concrete5 is an open source content management system (CMS). concrete5 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the develope...
JVN#42625179: Loctouch for Android vulnerable in handling of implicit intents
Loctouch, provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Impact Location logs that include non-public information may be leaked to a third party through a malicious Android application...
Opera Mini / Opera Mobile for Android vulnerable in the WebView class
Overview Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions,...
Boat Browser / Boat Browser Mini vulnerable in the WebView class
Overview Boat Browser and Boat Browser Mini contain an issue in the WebView class. Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
JVN#27691264: Opera Mini / Opera Mobile for Android vulnerable in the WebView class
Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the product may be disclosed. Solution...
JVN#69589791: Boat Browser / Boat Browser Mini vulnerable in the WebView class
Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed...
WikkaWiki vulnerable to cross-site scripting
Overview WikkaWiki contains a cross-site scripting vulnerability. WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#66596216: WikkaWiki vulnerable to cross-site scripting
WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Product...
Welcart vulnerable to cross-site request forgery
Overview Welcart contains a cross-site request forgery vulnerability. Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IP...
Welcart vulnerable to cross-site scripting
Overview Welcart contains a cross-site scripting vulnerability. Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#18731696: Welcart vulnerable to cross-site scripting
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the management page of Welcart. Solution Update the software Update to the latest version according to the...
JVN#53269985: Welcart vulnerable to cross-site request forgery
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Impact If a logged in user views a malicious page after an item has been added in the shopping cart, the purchase process may unexpectedly be complete...
KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
Overview ACCESS REPORT provided by KENT-WEB contains a cross-site scripting vulnerability. ACCESS REPORT provided by KENT-WEB is software for analyzing web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded int...
KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
Overview ACCESS REPORT provided by KENT-WEB contains a cross-site scripting vulnerability. ACCESS REPORT provided by KENT-WEB is software for analyzing web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note th...
JVN#68830017: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
ACCESS REPORT provided by KENT-WEB is software for analyzing web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note that this vulnerability is different from JVN23563149. Impact An arbitrary script may be...
JVN#23563149: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
ACCESS REPORT provided by KENT-WEB is software for analyzing web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Note that this vulnerability is different from JVN68830017. Impact An...
Multiple KYOCERA mobile devices may reboot during email reception
Overview Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will...
JVN#83907168: Multiple KYOCERA mobile devices may reboot during email reception
Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email. Impact When receiving an invalid email, the device will always reboot,...
Denial of Service (DoS) Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability that could allow a remote attacker to cause a denial of service (DoS) condition. Impact A remote attacker could cause a denial of service (DoS) condition. Solution Please refer to the...
Hitachi Device Manager Software Denial of Service (DoS) Vulnerability
Overview Hitachi Device Manager Software (HDvM) contains a denial of service (abend) vulnerability when receiving a large amount of data at once. If HDvM exits abnormally, users will be able to resume using the software by restarting the HDvM service or daemon. Impact A remote attacker could cause a...
BIGACE vulnerable to session fixation
Overview BIGACE contains a session fixation vulnerability. BIGACE is a content management system (CMS). BIGACE contains a session fixation vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#60931933: BIGACE vulnerable to session fixation
BIGACE is a content management system (CMS). BIGACE contains a session fixation vulnerability. Impact A remote unauthenticated attacker may impersonate a registered user. As a result, information disclosure or alteration may be possible. Solution Update the Software Apply the latest update accordin...
Monaca Debugger for Android information management vulnerability
Overview Monaca Debugger for Android contains an information management vulnerability. Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file. KuMaGa ShiRoIHi reported this...
JVN#56923652: Monaca Debugger for Android information management vulnerability
Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file. Impact Android applications with permissions to read system log files may obtain users' credentials of Monaca or other...
Multiple Android devices vulnerable to denial-of-service (DoS)
Overview Multiple Android devices contain a denial-of-service (DoS) vulnerability. Multiple Android devices contain an issue when referencing a specific system area, which may lead to a denial-of-service (DoS). Tsukasa Oi of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA...
JVN#74829345: Multiple Android devices vulnerable to denial-of-service (DoS)
Multiple Android devices contain an issue when referencing a specific system area, which may lead to a denial-of-service (DoS). Impact The device may crash as a result of accessing a specific file. Solution Update the software Update to the latest version according to the information provided by the...
BeZIP vulnerable to directory traversal
Overview BeZIP contains a directory traversal vulnerability. BeZIP provided by Be Graph Co.,Ltd. is file compression/extraction software supporting ZIP and LZH formats. BeZIP contains a directory traversal vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this...
JVN#18223913: BeZIP vulnerable to directory traversal
BeZIP provided by Be Graph Co.,Ltd. is file compression/extraction software supporting ZIP and LZH formats. BeZIP contains a directory traversal vulnerability. Impact An arbitrary file may be created or altered when extracting a specially crafted file. Solution Update the software Update to the...
Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP
Overview Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities: FTP Bounce Attack in PASV mode; buffer overflow at file transmission; defect of the account information check in user authentication. Impact A remote attacker could access arbitrary files in the system. Solution Please...
Pebble vulnerable to open redirect
Overview Pebble contains an open redirect vulnerability. Pebble is an open source weblog system. Pebble contains an open redirect vulnerability. Takahisa Kishiya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Pebble vulnerable to HTTP header injection
Overview Pebble contains an HTTP header injection vulnerability. Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Takahisa Kishiya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Pebble vulnerability where entries may become unviewable
Overview Pebble contains a vulnerability where blog entries may become unviewable due to a specially crafted comment being posted. Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability wher...
MosP kintai kanri vulnerable to authentication bypass
Overview MosP kintai kanri contains an authentication bypass vulnerability. MosP kintai kanri is open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
MosP kintai kanri fails to restrict access permissions
Overview MosP kintai kanri contains an issue where access permissions are not restricted. MosP kintai kanri is open source attendance management software. MosP kintai kanri contains an issue where access permissions are not restricted. Masako Ohno reported this vulnerability to IPA. JPCERT/CC...
JVN#23465354: MosP kintai kanri fails to restrict access permissions
MosP kintai kanri is open source attendance management software. MosP kintai kanri contains an issue where access permissions are not restricted. Impact A user's information may be obtained by another user with a MosP kintai kanri account. Solution Update the software Update to the latest...
JVN#55398821: Pebble vulnerable to open redirect
Pebble is an open source weblog system. Pebble contains an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the software Update to the...