Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
Overview Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered. Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Keita Haga of keitahaga.com reported this vulnerability to...
Multiple web browsers vulnerable in processing Transfer-Encoding header
Overview Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as ...
JVN#90389651: Multiple web browsers vulnerable in processing Transfer-Encoding header
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server. Impact An arbitrary script may be executed on the user's web...
JVN#51769987: Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Impact A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Solution Update the software Update ...
Sleipnir Mobile for Android vulnerable in the WebView class
Overview Sleipnir Mobile for Android contains a vulnerability in the WebView class. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
JVN#88643450: Sleipnir Mobile for Android vulnerable in the WebView class
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution...
Privilege escalation vulnerability in Hitachi JP1/NETM/DM
Overview The package setup manager in Hitachi JP1/NETM/DM contains a privilege escalation vulnerability. Impact A remote attacker could gain privileges via unknown attack vectors. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
Yahoo! Browser vulnerable in the WebView class
Overview Yahoo! Browser contains a vulnerability in the WebView class. Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...
JVN#46088915: Yahoo! Browser vulnerable in the WebView class
Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Update t...
Movable Type plugin MT4i vulnerable to cross-site scripting
Overview MT4i contains a cross-site scripting vulnerability. MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN80835745. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
YY-BOARD vulnerable to cross-site scripting
Overview YY-BOARD contains a cross-site scripting vulnerability. YY-BOARD is bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with...
Movable Type plugin MT4i vulnerable to cross-site scripting
Overview MT4i contains a cross-site scripting vulnerability. MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79111101. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Ruby hash table implementation vulnerable to denial-of-service
Overview The hash table implementation in Ruby contains a denial-of-service (DoS) vulnerability. The hash table implementation in Ruby contains an issue where a series of strings whose hash values collide may be intentionally created. As a result, a denial-of-service (DoS) attack may be conducted...
JVN#79111101: Movable Type plugin MT4i vulnerable to cross-site scripting
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN80835745. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
The hash table implementation in Ruby contains an issue where a series of strings whose hash values collide may be intentionally created. As a result, a denial-of-service (DoS) attack may be conducted. Impact When processing a series of specially crafted strings, a denial-of-service (DoS) may occur...
JVN#03582364: YY-BOARD vulnerable to cross-site scripting
YY-BOARD is bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
JVN#80835745: Movable Type plugin MT4i vulnerable to cross-site scripting
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79111101. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...
Yome Collection for Android issue in management of IMEI
Overview Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity (IMEI) on an SD card. Applications without the READ_PHONE_STATE permission may obtain the IMEI from the SD card. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University...
Zenphoto vulnerable to cross-site scripting
Overview Zenphoto contains a cross-site scripting vulnerability. Zenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
JVN#05102851: Yome Collection for Android issue in management of IMEI
Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity (IMEI) on an SD card. Applications without the READ_PHONE_STATE permission may obtain the IMEI from the SD card. Impact If a user of the affected product uses a malicious Android application, the IME...
JVN#59842447: Zenphoto vulnerable to cross-site scripting
Zenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
Python SimpleHTTPServer vulnerable to cross-site scripting
Overview The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Keigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...
WEB PATIO vulnerable to cross-site scripting
Overview WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wi...
SmallPICT vulnerable to cross-site scripting
Overview SmallPICT contains a cross-site scripting vulnerability. SmallPICT is bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
WEB PATIO vulnerable to cross-site scripting
Overview WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is bulletin-board software. WEB PATIO contains a vulnerability in handling cookies, which may result in cross-site scripting. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA. JPCERT/CC...
JVN#58102473: WEB PATIO vulnerable to cross-site scripting
WEB PATIO is bulletin-board software. WEB PATIO contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
JVN#51176027: Python SimpleHTTPServer vulnerable to cross-site scripting
The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. According to the developer, this issue exists only when using Internet Explorer 7. Solution Update the software Update to the latest version...
JVN#36993373: SmallPICT vulnerable to cross-site scripting
SmallPICT is bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...
JVN#33171616: WEB PATIO vulnerable to cross-site scripting
WEB PATIO is bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
Dolphin Browser vulnerable in the WebView class
Overview Dolphin Browser contains a vulnerability in the WebView class. Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#90751882: Dolphin Browser vulnerable in the WebView class
Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Upda...
Flash Player issue in implementations of the Same Origin Policy
Overview Flash Player contains an issue in implementations of the Same Origin Policy. The SoundMixer.computeSpectrum method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA. JPCERT/...
JVN#38163638: Flash Player issue in implementations of the Same Origin Policy
The SoundMixer.computeSpectrum method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Impact An attacker may obtain, in violation of the same-origin policy, spectrum data for sound that the user is playing. Solution Update the Software Update to the latest version...
FeedDemon vulnerable to arbitrary script execution
Overview FeedDemon is vulnerable to arbitrary script execution. FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to improper processing during HTML page output based on feed information when using the "feed preview" option. Daiki Fukumori of Cybe...
JVN#18397171: FeedDemon vulnerable to arbitrary script execution
FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to improper processing during HTML page output based on feed information when using the "feed preview" option. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...
SEIL series fail to restrict access permissions
Overview SEIL series contain an issue where access permissions are not restricted. SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted. Impact An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL...
WordPress plugin WassUp vulnerable to cross-site scripting
Overview The WordPress plugin WassUp contains a cross-site scripting vulnerability. WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#24646833: SEIL series fail to restrict access permissions
SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted. Impact An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL filter. Solution Update the Software Update to the latest version of the firmware...
JVN#15646988: WordPress plugin WassUp vulnerable to cross-site scripting
WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...
@WEB ShoppingCart vulnerable to cross-site scripting
Overview @WEB ShoppingCart contains a cross-site scripting vulnerability. @WEB ShoppingCart, provided by WEBLOGIC CORPORATION, is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Labo.,Inc reported this...
JVN#78305073: @WEB ShoppingCart vulnerable to cross-site scripting
@WEB ShoppingCart, provided by WEBLOGIC CORPORATION, is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the appropriate patch according to th...
Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
Overview Puella Magi Madoka Magica iP for Android contains an information disclosure vulnerability. Puella Magi Madoka Magica iP for Android has a function to link with a Twitter account. Puella Magi Madoka Magica iP for Android contains an issue where Twitter account credentials entered by a use...
Segue vulnerable to SQL injection
Overview Segue contains a SQL injection vulnerability. Segue is a content management system. Segue contains a SQL injection vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Segue vulnerable to cross-site scripting
Overview Segue contains a cross-site scripting vulnerability. Segue is a content management system. Segue contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#97995841: Segue vulnerable to SQL injection
Segue is a content management system. Segue contains a SQL injection vulnerability. Impact A remote, unauthenticated attacker may bypass authentication and log in as an administrator. Solution Do not use Segue Segue services will no longer be available after August 31, 2012. Refer to the informati...
JVN#29083866: Segue vulnerable to cross-site scripting
Segue is a content management system. Segue contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Segue Segue services will no longer be available after August 31, 2012. Refer to the information provided by the...
JVN#23328321: Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
Puella Magi Madoka Magica iP for Android has a function to link with a Twitter account. Puella Magi Madoka Magica iP for Android contains an issue where Twitter account credentials entered by a user are saved in a log file in plain text. Impact Android applications with permissions to read system...
Logitec LAN-W300N/R series fails to restrict access permissions
Overview Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. Jin Sawada, Keisuke Okazaki, Naoto Katsumi of Security...
Roundcube Webmail vulnerable to cross-site scripting
Overview Roundcube Webmail contains a cross-site scripting vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
Opera fails to verify SSL server certificates
Overview Opera contains an issue where it fails to verify SSL server certificates. Opera is a web browser. Opera contains an issue where it fails to verify SSL server certificates. Impact The user may unknowingly connect to a site that is using a certificate not authorized by a CA. As a result, t...