5609 matches found
JVN#39563771: Pebble vulnerable to HTTP header injection
Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Impact Forged information may be displayed on the user's web browser, arbitrary scripts may be executed or arbitrary values may be set for cookies. Solution Update the software Update to the latest...
JVN#75492883: Pebble vulnerability where entries may become unviewable
Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability where blog entries may become unviewable. Impact A specially crafted comment being posted may cause an arbitrary blog entry to become...
JVN#52264310: MosP kintai kanri vulnerable to authentication bypass
MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Impact An attacker with a MosP kintai kanri account may impersonate another user. As a result, information may be obtained and settings may be altered with the...
Mac OS X OpenSSH vulnerable to denial-of-service (DoS)
Overview The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service. MASAKI KATAYAMA of Appirits inc Cyber Security Laboratory reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
JVN#75345069: Mac OS X OpenSSH vulnerable to denial-of-service (DoS)
The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service. Impact A remote attacker may cause a denial-of-service. Solution Update the software Update to the latest version according to the information provided by the developer. According to the developer, versions Mac OS X 10.6 a...
Tokyo BBS vulnerable to cross-site scripting
Overview Tokyo BBS contains a cross-site scripting vulnerability. Tokyo BBS provided by Come on Girls Interface contains a cross-site scripting vulnerability. Naohiko Tsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#00322303: Tokyo BBS vulnerable to cross-site scripting
Tokyo BBS provided by Come on Girls Interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the developer. The developer is no longer distributing...
Safari vulnerable to local file content disclosure
Overview Safari contains a vulnerability where a local file may be accessed remotely, which may result in a local file content disclosure. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact B...
JVN#42676559: Safari vulnerable to local file content disclosure
Safari contains a vulnerability where a local file may be accessed remotely, which may result in a local file content disclosure. Impact By opening a specially crafted HTML document as a local file, an arbitrary local file may be obtained remotely even though access from other users is...
Smarty vulnerable to cross-site scripting
Overview Smarty contains a cross-site scripting vulnerability. Smarty is a template engine for PHP. Smarty contains a cross-site scripting vulnerability when displaying an error message. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#63650108: Smarty vulnerable to cross-site scripting
Smarty is a template engine for PHP. Smarty contains a cross-site scripting vulnerability when displaying an error message. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...
MyWebSearch vulnerable to cross-site scripting
Overview MyWebSearch contains a cross-site scripting vulnerability. MyWebSearch is a CGI script for searching within a website. MyWebSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to t...
JVN#58160713: MyWebSearch vulnerable to cross-site scripting
MyWebSearch is a CGI script for searching within a website. MyWebSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
jigbrowser+ for Android vulnerable in the WebView class
Overview jigbrowser+ for Android contains a vulnerability in the WebView class. jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/...
JVN#86318665: jigbrowser+ for Android vulnerable in the WebView class
jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Updat...
Trend Micro Control Manager vulnerable to SQL injection
Overview Trend Micro Control Manager contains a SQL injection vulnerability. Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC. JPCERT/CC...
JVN#42014489: Trend Micro Control Manager vulnerable to SQL injection
Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Impact An arbitrary SQL command may be executed in the backend database the product is referencing. Solution Apply a patch Apply the appropriate patch according to the information...
ATOK for Android issue in the access permissions for the learning information file
Overview ATOK for Android provided by JUST Systems contains an issue in the access permissions for the learning information file. ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings. Gaku...
JVN#93344001: ATOK for Android issue in the access permissions for the learning information file
ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings. Impact If a user of the affected product uses another malicious Android application, the learning information file may be obtained. Solutio...
myLittleAdmin for SQL Server 2000 vulnerable to arbitrary script execution
Overview myLittleAdmin for SQL Server 2000 contains a vulnerability that may allow arbitrary script execution. myLittleAdmin for SQL server 2000 from myLittleTools is a web-based database management software. The management screen in myLittleAdmin for SQL server 2000 contains a vulnerability that...
Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service
Overview Email Anti-virus (formerly WebShield SMTP) provided by McAfee Co., Ltd. contains a denial-of-service (DoS) vulnerability. Email Anti-virus (formerly WebShield SMTP) provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus (formerly WebShield SMTP) contains a...
JVN#50701493: Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service
Email Anti-virus (formerly WebShield SMTP) provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus (formerly WebShield SMTP) contains a denial-of-service (DoS) vulnerability. Impact An attacker may be able to cause a denial-of-service (DoS). Solution Do not use Email...
JVN#56373673: myLittleAdmin for SQL Server 2000 vulnerable to arbitrary script execution
myLittleAdmin for SQL server 2000 from myLittleTools is a web-based database management software. The management screen in myLittleAdmin for SQL server 2000 contains a vulnerability that may allow arbitrary script execution. Impact When a user accesses a malicious database entry through the...
KUNAI Browser for Remote Service beta vulnerable in the WebView class
Overview KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. KUNAI Browser for Remote Service beta is an Android browser software for using Cybozu. KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. Impact When there is a maliciou...
JVN#03015214: KUNAI Browser for Remote Service beta vulnerable in the WebView class
KUNAI Browser for Remote Service beta is an Android browser software for using Cybozu. KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious fi...
Cybozu KUNAI for Android vulnerable in the WebView class
Overview Cybozu KUNAI for Android contains a vulnerability in the WebView class. Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:/...
Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
Overview Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker...
JVN#59652356: Cybozu KUNAI for Android vulnerable in the WebView class
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious file being opened and information managed b...
JVN#23568423: Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
Cybozu Live for Android vulnerable in the WebView class
Overview Cybozu Live for Android contains a vulnerability in the WebView class. Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability ...
Cybozu Live for Android vulnerable to arbitrary Java method execution
Overview Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
JVN#77393797: Cybozu Live for Android vulnerable in the WebView class
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious file being opened and information managed...
Opera address bar spoofing vulnerability
Overview Opera contains a vulnerability where the URL displayed in the address bar may be spoofed. Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other. Masahiro Yamada reported this...
Adobe Reader fails to properly handle signatures
Overview Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#51615542: Adobe Reader fails to properly handle signatures
Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Impact An attacker may be able to forge an RSA signature on a PDF document. Solution Update the software Update to the latest version according to the information provided by the developer. Note that this issue wa...
JVN#69880570: Opera address bar spoofing vulnerability
Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL bein...
mixi for Android information management vulnerability
Overview mixi for Android contains an issue which stores friends' comments on an SD card. mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on an SD card, therefore other applications can access this information directly from the SD card. Kazuhiko Kusano of...
Multiple GREE Android applications vulnerable in the WebView class
Overview Multiple Android applications provided by GREE contain a vulnerability in the WebView class. Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class. Takeshi Terada of Mitsui Bussan Secure Directions, Inc.,...
JVN#92038939: mixi for Android information management vulnerability
mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on an SD card, therefore other applications can access this information directly from the SD card. Impact If a user of the affected product uses a malicious Android application, friends' comments may be...
JVN#99192898: Multiple GREE Android applications vulnerable in the WebView class
Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Updat...
Cross-site Scripting Vulnerability in JP1/Integrated Management - Service Support
Overview A cross-site scripting vulnerability was found in JP1/Integrated Management - Service Support. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
Sleipnir Mobile for Android vulnerable to arbitrary script execution
Overview Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Overview Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Direction...
JVN#39519659: Sleipnir Mobile for Android vulnerable to arbitrary script execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Impact If a user uses a certain function of the affected product that is called by another malicious Android application, an attacker may be able to execu...
JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in...
LINE for Android vulnerable in handling of implicit intents
Overview LINE for Android contains a vulnerability in the handling of implicit intents. LINE for Android, provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#67435981: LINE for Android vulnerable in handling of implicit intents
LINE for Android, provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Impact Information such as messages sent by LINE may be leaked to a third party through a malicious application. Solution Update...
GoodReader vulnerable to cross-site scripting
Overview GoodReader contains a cross-site scripting vulnerability. GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#01598734: GoodReader vulnerable to cross-site scripting
GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Impact When GoodReader is used through a web browser, an arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...