5625 matches found
JVN#18397171: FeedDemon vulnerable to arbitrary script execution
FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...
SEIL series fail to restrict access permissions
Overview SEIL series contain an issue where access permissions are not restricted. SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted. Impact An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL...
WordPress plugin WassUp vulnerable to cross-site scripting
Overview The WordPress plugin WassUp contains a cross-site scripting vulnerability. WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#24646833: SEIL series fail to restrict access permissions
SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted. Impact An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL filter. Solution Update the Software Update to the latest version of the firmware...
JVN#15646988: WordPress plugin WassUp vulnerable to cross-site scripting
WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...
@WEB ShoppingCart vulnerable to cross-site scripting
Overview @WEB ShoppingCart contains a cross-site scripting vulnerability. @WEB ShoppingCart provided by WEBLOGIC CORPORATION. is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Labo.,Inc reported this...
JVN#78305073: @WEB ShoppingCart vulnerable to cross-site scripting
@WEB ShoppingCart provided by WEBLOGIC CORPORATION. is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the appropriate patch according to th...
Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
Overview Puella Magi Madoka Magica iP for Android contains an information disclosure vulnerability. Puella Magi Madoka Magica iP for Android has a function to link with a Twitter account. Puella Magi Madoka Magica iP for Android contains an issue where Twitter account credentials entered by a use...
Segue vulnerable to SQL injection
Overview Segue contains a SQL injection vulnerability. Segue is a content management system. Segue contains a SQL injection vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Segue vulnerable to cross-site scripting
Overview Segue contains a cross-site scripting vulnerability. Segue is a content management system. Segue contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#97995841: Segue vulnerable to SQL injection
Segue is a content management system. Segue contains a SQL injection vulnerability. Impact A remote, unauthenticated attacker may bypass authentication and login as an administrator. Solution Do not use Segue Segue services will no longer be available after August 31, 2012. Refer to the informati...
JVN#29083866: Segue vulnerable to cross-site scripting
Segue is a content management system. Segue contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Segue Segue services will no longer be available after August 31, 2012. Refer to the information provided by the...
JVN#23328321: Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
Puella Magi Madoka Magica iP for Android has a function to link with a Twitter account. Puella Magi Madoka Magica iP for Android contains an issue where Twitter account credentials entered by a user are saved in a log file in plain text. Impact Android applications with permissions to read system...
Logitec LAN-W300N/R series fails to restrict access permissions
Overview Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. Jin Sawada, Keisuke Okazaki, Naoto Katsumi of Security...
Roundcube Webmail vulnerable to cross-site scripting
Overview Roundcube webmail contains a cross-site scripting vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...
Opera fails to verify SSL server certificates
Overview Opera contains an issue where it fails to verify SSL server certificates. Opera is a web browser. Opera contains an issue where it fails to verify SSL server certificates. Impact The user may unknowingly connect to a site that is using a certificate not authorized by a CA. As a result, t...
RSSOwl vulnerable to arbitrary script execution
Overview RSSOwl is vulnerable to arbitrary script execution. RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
Sybase EAServer vulnerable to cross-site scripting
Overview EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#47662377: Sybase EAServer vulnerable to cross-site scripting
EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
JVN#39707339: Opera fails to verify SSL server certificates
Opera is a web browser. Opera contains an issue where it fails to verify SSL server certificates. Impact The user may unknowingly connect to a site that is using a certificate not authorized by a CA. As a result, the user may become a victim of phishing. Solution Update the software Update to the...
JVN#21422837: Roundcube Webmail vulnerable to cross-site scripting
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when viewing a specially crafted image file. Solution Update the...
JVN#77947437: RSSOwl vulnerable to arbitrary script execution
RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#85934986: Logitec LAN-W300N/R series fails to restrict access permissions
The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed or altered by the attacker who...
iLunascape for Android vulnerable in the WebView class
Overview iLunascape for Android contains a vulnerability in the WebView class. iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#86044443: iLunascape for Android vulnerable in the WebView class
iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the...
Drupal Form API fails to validate the redirect URL
Overview Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Katsuhiko Nakanishi from NEC...
JVN#45898075: Drupal Form API fails to validate the redirect URL
Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Impact A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed...
baserCMS vulnerable to session management
Overview baserCMS contains a vulnerability in session management. baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability in session management. Impact If a web server is hosting several websites, and baserCMS are installed on the respective websites, an...
WEB MART from KENT-WEB vulnerable to cross-site scripting
Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Isayama Takayoshi ...
WEB MART from KENT-WEB vulnerable to cross-site scripting
Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secu...
Arbitrary Code Execution Vulnerability in Hitachi COBOL GUI Option on Windows
Overview Hitachi COBOL GUI Option on Windows contains a vulnerability where arbitrary code may be executed. This problem does not occur when only the following runtime products are solely used. COBOL GUI Option Run Time System Version 6 COBOL GUI Option Server Run Time System Version 6 COBOL GUI...
JVN#63941302: WEB MART from KENT-WEB vulnerable to cross-site scripting
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
JVN#53465692: baserCMS vulnerable to session management
baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability in session management. Impact If a web server is hosting several websites, and baserCMS are installed on the respective websites, an administrator of a baserCMS can access baserCMS instance of the other...
JVN#47536971: WEB MART from KENT-WEB vulnerable to cross-site scripting
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
sp mode mail issue in the verification of SSL certificates
Overview sp mode mail contains an issue in the verification of the SSL server certificate. sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA...
OSQA vulnerable to cross-site scripting
Overview OSQA The Open Source Q system contains a cross-site scripting vulnerability. OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
JVN#15503729: OSQA vulnerable to cross-site scripting
OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided the developer. According to the developer, this...
JVN#82029095: sp mode mail issue in the verification of SSL certificates
sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Impact Since no warning is issued when connecting to a server that is using an invalid SSL server certificate, a remote attacker may be able to intercept communications. Solution Update the...
Multiple JustSystems products vulnerable to buffer overflow
Overview Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability. Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files. Tielei Wang of Georgia Tech Information Security Center...
Multiple JustSystems products may insecurely load dynamic libraries
Overview Multiple JustSystems products may use unsafe methods for determining how to load DLL's. Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA...
JVN#95378720: Multiple JustSystems products may insecurely load dynamic libraries
Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Update the software Apply the appropriate update according to the...
JVN#09619876: Multiple JustSystems products vulnerable to buffer overflow
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files. Impact If this vulnerability is exploited, a system may be crashed or arbitrary code may be executed. Solution Update the Software Apply the appropriate update...
TwitRocker2 (Android version) vulnerable in the WebView class
Overview TwitRocker2 Android version contains a vulnerability in the WebView class. TwitRocker2 is a client software for using twitter. TwitRocker2 Android version contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#00000601: TwitRocker2 (Android version) vulnerable in the WebView class
TwitRocker2 is a client software for using twitter. TwitRocker2 Android version contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the...
ActiveScriptRuby vulnerable to arbitrary Ruby script execution
Overview ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on a web browser that can execute ActiveX controls when HTML is displayed. ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where...
Dokodemo Rikunabi 2013 vulnerable to cross-site scripting
Overview Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences,Tohoku University reported this...
JVN#33283707: ActiveScriptRuby vulnerable to arbitrary Ruby script execution
ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on the web browser that can execute ActiveX controls when HTML is displayed. Impact A remote attacker may be able to obtain...
JVN#90055996: Dokodemo Rikunabi 2013 vulnerable to cross-site scripting
Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on user's Google Chrome. Solution Update the software Update to the latest version according to the information provided by th...
Vulnerability in Fujitsu Interstage List Works Where Permissions Cannot Be Denied
Overview Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on th...
SENCHA SNS vulnerable to session fixation
Overview SENCHA SNS contains a session fixation vulnerability. SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...