5625 matches found
Adobe Reader fails to properly handle signatures
Overview Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#51615542: Adobe Reader fails to properly handle signatures
Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Impact An attacker may be able to forge an RSA signature on a PDF document. Solution Update the software Update to the latest version according to the information provided by the developer. Note that this issue wa...
JVN#69880570: Opera address bar spoofing vulnerability
Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL bein...
mixi for Android information management vulnerability
Overview mixi for Android contains an issue which stores friends' comments on a SD card. mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on a SD card, therefore other applications can access this information directly from the SD card. Kazuhiko Kusano of...
Multiple GREE Android applications vulnerable in the WebView class
Overview Multiple Android applications provided by GREE contain a vulnerability in the WebView class. Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class. Takeshi Terada of Mitsui Bussan Secure Directions, Inc.,...
JVN#92038939: mixi for Android information management vulnerability
mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on a SD card, therefore other applications can access this information directly from the SD card. Impact If a user of the affected product uses a malicious Android application, friends' comments may be...
JVN#99192898: Multiple GREE Android applications vulnerable in the WebView class
Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Updat...
Cross-site Scripting Vulnerability in JP1/Integrated Management - Service Support
Overview A cross-site scripting vulnerability was found in JP1/Integrated Management - Service Support. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
Sleipnir Mobile for Android vulnerable to arbitrary script execution
Overview Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc...
Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Overview Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Direction...
JVN#39519659: Sleipnir Mobile for Android vulnerable to arbitrary script execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Impact If a user uses a certain function of the affected product that called by other malicious Android application, an attacker may be able to execu...
JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in...
LINE for Android vulnerable in handling of implicit intents
Overview LINE for Android contains a vulnerability in the handling of implicit intents. LINE for Android provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
JVN#67435981: LINE for Android vulnerable in handling of implicit intents
LINE for Android provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Impact Information such as messages sent by LINE may be leaked to a third party through a malicious application. Solution Update...
GoodReader vulnerable to cross-site scripting
Overview GoodReader contains a cross-site scripting vulnerability. GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#01598734: GoodReader vulnerable to cross-site scripting
GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Impact When GoodReader is used through a web browser, an arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
Overview Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered. Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Keita Haga of keitahaga.com reported this vulnerability to...
Multiple web browsers vulnerable in processing Tranfer-Encoding header
Overview Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as ...
JVN#51769987: Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Impact A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Solution Update the software Update ...
JVN#90389651: Multiple web browsers vulnerable in processing Tranfer-Encoding header
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server. Impact An arbitrary script may be executed on the user's web...
Sleipnir Mobile for Android vulnerable in the WebView class
Overview Sleipnir Mobile for Android contains a vulnerability in the WebView class. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
JVN#88643450: Sleipnir Mobile for Android vulnerable in the WebView class
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...
Privilege escalation vulnerability in Hitachi JP1/NETM/DM
Overview The package setup manager in Hitachi JP1/NETM/DM contains an privilege escalation vulnerability. Impact A remote attacker could gain privileges via unknown attack vectors. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
Yahoo! Browser vulnerable in the WebView class
Overview Yahoo! Browser contains a vulnerability in the WebView class. Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...
JVN#46088915: Yahoo! Browser vulnerable in the WebView class
Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Update t...
Movable Type plugin MT4i vulnerable to cross-site scripting
Overview MT4i contains a cross-site scripting vulnerability. MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN80835745. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
YY-BOARD vulnerable to cross-site scripting
Overview YY-BOARD contains a cross-site scripting vulnerability. YY-BOARD is a bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with...
Movable Type plugin MT4i vulnerable to cross-site scripting
Overview MT4i contains a cross-site scripting vulnerability. MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79111101. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Ruby hash table implementation vulnerable to denial-of-service
Overview The hash table implementation in Ruby contains a denial-of-service DoS vulnerability. The hash table implementation in Ruby contains an issue, where it may intentionally create a series of strings whose hash values collide. As a result, a denial-of-service DoS attack may be conducted...
JVN#03582364: YY-BOARD vulnerable to cross-site scripting
YY-BOARD is a bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
The hash table implementation in Ruby contains an issue, where it may intentionally create a series of strings whose hash values collide. As a result, a denial-of-service DoS attack may be conducted. Impact When processing a series of specially crafted strings, a denial-of-service DoS may occur...
JVN#79111101: Movable Type plugin MT4i vulnerable to cross-site scripting
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN80835745. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...
JVN#80835745: Movable Type plugin MT4i vulnerable to cross-site scripting
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79111101. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...
Yome Collection for Android issue in management of IMEI
Overview Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity IMEI on a SD card. Applications without the READPHONESTATE permission may obtain the IMEI from the SD card. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University...
Zenphoto vulnerable to cross-site scripting
Overview Zenphoto contains a cross-site scripting vulnerability. Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
JVN#05102851: Yome Collection for Android issue in management of IMEI
Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity IMEI on a SD card. Applications without the READPHONESTATE permission may obtain the IMEI from the SD card. Impact If a user of the affected product uses a malicious Android application, the IME...
JVN#59842447: Zenphoto vulnerable to cross-site scripting
Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
Python SimpleHTTPServer vulnerable to cross-site scripting
Overview The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Keigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...
WEB PATIO vulnerable to cross-site scripting
Overview WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wi...
SmallPICT vulnerable to cross-site scripting
Overview SmallPICT contains a cross-site scripting vulnerability. SmallPICT is a bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
WEB PATIO vulnerable to cross-site scripting
Overview WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling cookies, which may result in cross-site scripting. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA. JPCERT/CC...
JVN#58102473: WEB PATIO vulnerable to cross-site scripting
WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
JVN#33171616: WEB PATIO vulnerable to cross-site scripting
WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
JVN#36993373: SmallPICT vulnerable to cross-site scripting
SmallPICT is a bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...
JVN#51176027: Python SimpleHTTPServer vulnerable to cross-site scripting
The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. According to the developer, this issue exists only when using Internet Explorer 7. Solution Update the software Update to the latest version...
Dolphin Browser vulnerable in the WebView class
Overview Dolphin Browser contains a vulnerability in the WebView class. Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#90751882: Dolphin Browser vulnerable in the WebView class
Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Upda...
Flash Player issue in implementations of the Same Origin Policy
Overview Flash Player contains an issue in implementations of the Same Origin Policy. SoundMixer.computeSpectrum method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA. JPCERT/...
JVN#38163638: Flash Player issue in implementations of the Same Origin Policy
SoundMixer.computeSpectrum method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Impact An attacker may obtain sound spectrum data that user playing in violation of the same-origin policy. Solution Update the Software Update to the latest version...
FeedDemon vulnerable to arbitrary script execution
Overview FeedDemon is vulnerable to arbitrary script execution. FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Daiki Fukumori of Cybe...