RSSOwl vulnerable to arbitrary script execution
Overview RSSOwl is vulnerable to arbitrary script execution. RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
Sybase EAServer vulnerable to cross-site scripting
Overview EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#47662377: Sybase EAServer vulnerable to cross-site scripting
EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
JVN#77947437: RSSOwl vulnerable to arbitrary script execution
RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#39707339: Opera fails to verify SSL server certificates
Opera is a web browser. Opera contains an issue where it fails to verify SSL server certificates. Impact The user may unknowingly connect to a site that is using a certificate not authorized by a CA. As a result, the user may become a victim of phishing. Solution Update the software Update to the...
JVN#85934986: Logitec LAN-W300N/R series fails to restrict access permissions
The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed or altered by the attacker who...
JVN#21422837: Roundcube Webmail vulnerable to cross-site scripting
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when viewing a specially crafted image file. Solution Update the...
iLunascape for Android vulnerable in the WebView class
Overview iLunascape for Android contains a vulnerability in the WebView class. iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#86044443: iLunascape for Android vulnerable in the WebView class
iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the...
Drupal Form API fails to validate the redirect URL
Overview Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Drupal is a content management system (CMS). Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Katsuhiko Nakanishi from NEC...
JVN#45898075: Drupal Form API fails to validate the redirect URL
Drupal is a content management system (CMS). Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Impact A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed...
baserCMS vulnerable to session management
Overview baserCMS contains a vulnerability in session management. baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability in session management. Impact If a web server is hosting several websites, and baserCMS is installed on the respective websites, an...
WEB MART from KENT-WEB vulnerable to cross-site scripting
Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Isayama Takayoshi ...
WEB MART from KENT-WEB vulnerable to cross-site scripting
Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secu...
Arbitrary Code Execution Vulnerability in Hitachi COBOL GUI Option on Windows
Overview Hitachi COBOL GUI Option on Windows contains a vulnerability where arbitrary code may be executed. This problem does not occur when only the following runtime products are used. COBOL GUI Option Run Time System Version 6 COBOL GUI Option Server Run Time System Version 6 COBOL GUI...
JVN#47536971: WEB MART from KENT-WEB vulnerable to cross-site scripting
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...
JVN#63941302: WEB MART from KENT-WEB vulnerable to cross-site scripting
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
JVN#53465692: baserCMS vulnerable to session management
baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability in session management. Impact If a web server is hosting several websites, and baserCMS is installed on the respective websites, an administrator of a baserCMS can access baserCMS instance of the other...
sp mode mail issue in the verification of SSL certificates
Overview sp mode mail contains an issue in the verification of the SSL server certificate. sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA...
OSQA vulnerable to cross-site scripting
Overview OSQA (The Open Source Q&A system) contains a cross-site scripting vulnerability. OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
JVN#15503729: OSQA vulnerable to cross-site scripting
OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the developer. According to the developer, this...
JVN#82029095: sp mode mail issue in the verification of SSL certificates
sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Impact Since no warning is issued when connecting to a server that is using an invalid SSL server certificate, a remote attacker may be able to intercept communications. Solution Update the...
Multiple JustSystems products vulnerable to buffer overflow
Overview Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability. Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files. Tielei Wang of Georgia Tech Information Security Center...
Multiple JustSystems products may insecurely load dynamic libraries
Overview Multiple JustSystems products may use unsafe methods for determining how to load DLLs. Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA...
JVN#95378720: Multiple JustSystems products may insecurely load dynamic libraries
Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Update the software Apply the appropriate update according to the...
JVN#09619876: Multiple JustSystems products vulnerable to buffer overflow
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files. Impact If this vulnerability is exploited, a system may crash or arbitrary code may be executed. Solution Update the Software Apply the appropriate update...
TwitRocker2 (Android version) vulnerable in the WebView class
Overview TwitRocker2 (Android version) contains a vulnerability in the WebView class. TwitRocker2 is client software for using Twitter. TwitRocker2 (Android version) contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
JVN#00000601: TwitRocker2 (Android version) vulnerable in the WebView class
TwitRocker2 is client software for using Twitter. TwitRocker2 (Android version) contains a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the...
ActiveScriptRuby vulnerable to arbitrary Ruby script execution
Overview ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on a web browser that can execute ActiveX controls when HTML is displayed. ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where...
Dokodemo Rikunabi 2013 vulnerable to cross-site scripting
Overview Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this...
JVN#33283707: ActiveScriptRuby vulnerable to arbitrary Ruby script execution
ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on the web browser that can execute ActiveX controls when HTML is displayed. Impact A remote attacker may be able to obtain...
JVN#90055996: Dokodemo Rikunabi 2013 vulnerable to cross-site scripting
Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Google Chrome. Solution Update the software Update to the latest version according to the information provided by th...
Vulnerability in Fujitsu Interstage List Works Where Permissions Cannot Be Denied
Overview Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on th...
SENCHA SNS vulnerable to session fixation
Overview SENCHA SNS contains a session fixation vulnerability. SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
SENCHA SNS vulnerable to cross-site request forgery
Overview SENCHA SNS contains a cross-site request forgery vulnerability. SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
TOSHIBA TEC e-Studio series vulnerable to authentication bypass
Overview Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability. e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in the web-based management utility, which may result in an...
JVN#44913777: SENCHA SNS vulnerable to cross-site request forgery
SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, arbitrary operations may be conducted on the vulnerable system. Solution Update the Software Update to the latest version provided by...
JVN#97200417: SENCHA SNS vulnerable to session fixation
SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate an honest user of the affected product. As a result, information may be altered or obtained. Solution Update the Software Update to the latest...
JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass
e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in the web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...
Janetter vulnerable to cross-site request forgery
Overview Janetter contains a cross-site request forgery vulnerability. Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA...
Janetter vulnerable to information disclosure
Overview Janetter contains an information disclosure vulnerability. Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA. JPCERT/...
JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
Overview JP1/Cm2/Network Node Manager i (NNMi) contains vulnerabilities that could allow a remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. Impact A remote attacker could cause a denial of service (DoS) condition or execute arbitrary code. Solution Please refer to the...
JVN#10745573: Janetter vulnerable to information disclosure
Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, session information used to communicate with Twitter may be disclosed. Solution Update the software...
JVN#83459967: Janetter vulnerable to cross-site request forgery
Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...
Redmine vulnerable to cross-site scripting
Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
twicca fails to restrict access permissions
Overview twicca contains an issue where access permissions are not restricted. twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this...
JVN#93406632: Redmine vulnerable to cross-site scripting
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affecte...
JVN#31860555: twicca fails to restrict access permissions
twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...
Jenkins vulnerable to cross-site scripting
Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration (CI) tool. Note that this vulnerability is different from JVN14791558. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Jenkins vulnerable to cross-site scripting
Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA...