5625 matches found
JVN#75585394: NEC Universal RAID Utility fails to restrict access permissions
NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted. Impact A remote unauthenticated attacker may conduct arbitrary operations against the HDD on the vulunerable RAID system. Solution Update...
3DM (3ware Disk Manager) vulnerable to directory traversal
Overview 3DM 3ware Disk Manager contains a directory traversal vulnerability. 3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. yamaguchi tsuyoshi of Digiplate.inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#02596643: 3DM (3ware Disk Manager) vulnerable to directory traversal
3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files. Solution Use 3DM2 The developer states that the development of 3DM is discontinued and there are no plans for 3DM to be modified. U...
GREE for Android vulnerable to directory traversal
Overview GREE for Android contains a directory traversal vulnerability. GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
imgboard vulnerable to cross-site scripting
Overview imgboard contains a cross-site scripting vulnerability. imgboard provided by imgboard.com CGI Download Center formerly 1998 t-club CGI Download Center is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability. Yuji Tounai of...
JVN#09223079: imgboard vulnerable to cross-site scripting
imgboard provided by imgboard.com CGI Download Center formerly 1998 t-club CGI Download Center is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
JVN#78601526: GREE for Android vulnerable to directory traversal
GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Updat...
Accela BizSearch Gateway Option for TeamWARE Spoofing Vulnerability
Overview Accela BizSearch Gateway Option for TeamWARE, when the TeamWARE Gateway and Single Sign-On are enabled, which allows remote attackers to spoof user accounts of TeamWARE Office under specified conditions. Impact A remote attacker could spoof user accounts of TeamWARE Office under specifie...
User Authentication Vulnerability in Operational Management Function of Cosminexus
Overview The operational management function of Cosminexus does not properly require authentication for manipulation of an operational management portal, which allows remote attackers to delete and replace applications which other users attached. Impact A remote attacker could delete and replace...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon contains an SQL injection vulnerability. Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
JVN#07629635: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability. Impact A user with the "logging" permission may obtain information managed by the product. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#95863326: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser when the user is assigned the "logging" permission. Solution Update the Software Update to the latest version accordin...
mora Downloader may insecurely load executable files
Overview mora Downloader may use unsafe methods for determining how to load executables .exe mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku...
JVN#91387819: mora Downloader may insecurely load executable files
mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest version according to t...
Weathernews Touch for Android stores location information in the system log file
Overview Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the...
JVN#86040029: Weathernews Touch for Android stores location information in the system log file
Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Impact Android applications with permissions to read system log files may obtain location information...
WebSphere Application Server (WAS) vulnerable to cross-site scripting
Overview WebSphere Application Server WAS provided by IBM contains a cross-site scripting vulnerability. WebSphere Application Server WAS provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting. Eiji James Yoshida of Security Professionals Network Inc...
JVN#24343509: WebSphere Application Server (WAS) vulnerable to cross-site scripting
WebSphere Application Server WAS provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the develope...
myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
Overview myu-s and PHP WeblogSystem by netmania contain a cross-site scripting vulnerability. myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software...
JVN#99681273: myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest product released on Feb.16, 2012 or a fixed myu-s according to the...
Documents Pro (formerly Files HD) vulnerable to directory traversal
Overview Documents Pro provided by Olive Toast Software Ltd. contains a directory traversal vulnerability. Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a directory traversal vulnerability. Keigo Yamazaki of LAC Co., Ltd reported...
Documents Pro (formerly Files HD) vulnerable to cross-site scripting
Overview Documents Pro provided by Olive Toast Software Ltd. contains a cross-site scripting vulnerability. Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. report...
JVN#91881278: Documents Pro (formerly Files HD) vulnerable to cross-site scripting
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Impact When a user uses Documents Pro through a web browser, an arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#52197991: Documents Pro (formerly Files HD) vulnerable to directory traversal
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a directory traversal vulnerability. Impact A guest user may view, delete or perform other actions on files that it does not have privileges to. Solution Update the software Update to...
Cross-site Scripting Vulnerability in Collaboration - Bulletin board in Multiple Hitachi Products
Overview A cross-site scripting vulnerability has been found in Collaboration - Bulletin board in multiple Hitachi products. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...
concrete5 vulnerable to cross-site scripting
Overview concrete5 contains a cross-site scripting vulnerability. concrete5 is an open source content management system CMS. concrete5 contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Loctouch for Android information management vulnerability
Overview Loctouch for Android contains an information management vulnerability. Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...
Loctouch for Android vulnerable in handling of implicit intents
Overview Loctouch for Android contains a vulnerability in the handling of implicit intents. Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#33159152: Loctouch for Android information management vulnerability
Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability. Impact Android applications with permission to read system log files may obtain log information stored by the product that are intended to be...
JVN#65458431: concrete5 vulnerable to cross-site scripting
concrete5 is an open source content management system CMS. concrete5 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the develope...
JVN#42625179: Loctouch for Android vulnerable in handling of implicit intents
Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Impact Location logs that include non-public information may be leaked to a third party through a malicious Android application...
Opera Mini / Opera Mobile for Android vulnerable in the WebView class
Overview Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions,...
Boat Browser / Boat Browser Mini vulnerable in the WebView class
Overview Boat Browser and Boat Browser Mini contain an issue in the WebView class. Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
JVN#69589791: Boat Browser / Boat Browser Mini vulnerable in the WebView class
Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed...
JVN#27691264: Opera Mini / Opera Mobile for Android vulnerable in the WebView class
Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the product may be disclosed. Solution...
WikkaWiki vulnerable to cross-site scripting
Overview WikkaWiki contains a cross-site scripting vulnerability. WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#66596216: WikkaWiki vulnerable to cross-site scripting
WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Product...
Welcart vulnerable to cross-site request forgery
Overview Welcart contains a cross-site request forgery vulnerability. Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IP...
Welcart vulnerable to cross-site scripting
Overview Welcart contains a cross-site scripting vulnerability. Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#18731696: Welcart vulnerable to cross-site scripting
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the management page of Welcart. Solution Update the software Update to the latest version according to the...
JVN#53269985: Welcart vulnerable to cross-site request forgery
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Impact If a logged in user views a malicious page after an item has been added in the shopping cart, the purchase process may unexpectedly be complete...
KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
Overview ACCESS REPORT provided by KENT-WEB contains a cross-site scripting vulnerability. ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded int...
KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
Overview ACCESS REPORT provided by KENT-WEB contains a cross-site scripting vulnerability. ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note th...
JVN#23563149: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Note that this vulnerability is different from JVN68830017. Impact An...
JVN#68830017: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note that this vulnerability is different from JVN23563149. Impact An arbitrary script may be...
Multiple KYOCERA mobile devices may reboot during email reception
Overview Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will...
JVN#83907168: Multiple KYOCERA mobile devices may reboot during email reception
Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email. Impact When receiving an invalid email, the device will always reboot,...
Denial of Service (DoS) Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability that could allow a remote attacker to cause a denial of service DoS condition. Impact A remote attacker could cause a denial of service DoS condition. Solution Please refer to the...
Hitachi Device Manager Software Denial of Service (DoS) Vulnerability
Overview Hitachi Device Manager Software HDvM contains a denial of service abend vulnerability when receiving a large amount of data at once. If HDvM exits abnormally, users will be able to resume using the software by restarting the HDvM service or daemon. Impact A remote attacker could cause a...