5625 matches found
SENCHA SNS vulnerable to cross-site request forgery
Overview SENCHA SNS contains a cross-site request forgery vulnerability. SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
TOSHIBA TEC e-Studio series vulnerable to authentication bypass
Overview Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability. e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an...
JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass
e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...
JVN#44913777: SENCHA SNS vulnerable to cross-site request forgery
SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, arbitrary operations may be conducted on the vulnerable system. Solution Update the Software Update to the latest version provided by...
JVN#97200417: SENCHA SNS vulnerable to session fixation
SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate an honest user of the affected product. As a result, information may be altered or obtained. Solution Update the Software Update to the latest...
Janetter vulnerable to cross-site request forgery
Overview Janetter contains a cross-site request forgery vulnerability. Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA...
Janetter vulnerable to information disclosure
Overview Janetter contains an information disclosure vulnerability. Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA. JPCERT/...
JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
Overview JP1/Cm2/Network Node Manager i NNMi contains vulnerabilities could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...
JVN#83459967: Janetter vulnerable to cross-site request forgery
Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...
JVN#10745573: Janetter vulnerable to information disclosure
Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, session information used to communicate with Twitter may be disclosed. Solution Update the software...
Redmine vulnerable to cross-site scripting
Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
twicca fails to restrict access permissions
Overview twicca contains an issue where access permissions are not restricted. twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this...
JVN#93406632: Redmine vulnerable to cross-site scripting
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affecte...
JVN#31860555: twicca fails to restrict access permissions
twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...
Jenkins vulnerable to cross-site scripting
Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration CI tool. Note that this vulnerability is different from JVN14791558. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Jenkins vulnerable to cross-site scripting
Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA...
SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
Overview The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...
JVN#56653852: SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#79950061: Jenkins vulnerable to cross-site scripting
Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN14791558. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...
JVN#14791558: Jenkins vulnerable to cross-site scripting
Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...
ES File Explorer fails to restrict access permissions
Overview ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted. ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Shiongu of satoweb and...
JVN#08871006: ES File Explorer fails to restrict access permissions
ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Impact When using a specific function, a remote attacker may obtain local files that the application has permissions to view. Solution Upda...
Kingsoft Internet Security 2011 vulnerable to denial-of-service
Overview Kingsoft Internet Security 2011 contains a denial-of-service DoS vulnerability. Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service DoS. Satoshi TANDA of Fourteenforty Research Institute Inc. reported this vulnerability t...
JVN#31517714: Kingsoft Internet Security 2011 vulnerable to denial-of-service
Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service DoS. Impact An attacker that can login to the system with the software running may cause a denial-of-service DoS. Solution Update the Software Update to the latest version...
Movable Type vulnerable to session hijacking
Overview Movable Type contains a session hijacking vulnerability. Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution Update the software...
Movable Type vulnerable to OS command injection
Overview Movable Type contains an OS command injection vulnerability. Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each produ...
Movable Type vulnerable to cross-site request forgery
Overview Movable Type contains a cross-site request forgery vulnerability. Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or...
JVN#49836527: Movable Type vulnerable to cross-site scripting
mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each product according to the information provided by the developer. Products...
JVN#20083397: Movable Type vulnerable to session hijacking
Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution Update the software Update to the latest version of each product according to the...
JVN#92683325: Movable Type vulnerable to OS command injection
Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest version of each product according to the information provided by the...
JVN#70683217: Movable Type vulnerable to cross-site request forgery
Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or altered. Solution Update the software Update to the latest version for each...
Multiple COOKPAD applications for Android vulnerable in WebView class
Overview Multiple COOKPAD applications for Android contain a vulnerability in WebView class. Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Gaku Mochizuki of Mitsui Bussan...
JVN#25731073: Multiple COOKPAD applications for Android vulnerable in WebView class
Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Impact If an user of the affected product uses other malicious Android application, the information contained in the affecte...
cforms II vulnerable to cross-site scripting
Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...
JVN#35256978: cforms II vulnerable to cross-site scripting
cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
ALFTP may insecurely load executable files
Overview ALFTP may use unsafe methods for determining how to load executables. ALFTP provided by ESTsoft Corp. is a FTP client software with the built in FTP server. ALFTP contains an issue when loading files. For example, if an user tries to open README a file without extention which exists in t...
JVN#85695061: ALFTP may insecurely load executable files
ALFTP provided by ESTsoft Corp. is a FTP client software with the built in FTP server. ALFTP contains an issue when loading files. For example, if an user tries to open README a file without extention which exists in the same directory where README.exe a file with .exe extention exists, README.ex...
Apache Struts 2 vulnerable to an arbitrary Java method execution
Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...
JVN#79099262: Apache Struts 2 vulnerable to an arbitrary Java method execution
Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action. Impact If a remote attacker sends a malformed request parameter ...
Pocket WiFi (GP02) vulnerable to cross-site request forgery
Overview Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Pocket WiFi GP02 provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA...
JVN#33021167: Pocket WiFi (GP02) vulnerable to cross-site request forgery
Pocket WiFi GP02 provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings of Pocket WiFi GP02 may be initialized, or Pocket WiFi GP02 may be rebooted. Solution...
Arbitrary Code Execution Vulnerability in Hitachi COBOL2002
Overview Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite contain a vulnerability where arbitrary code may be executed. Impact A remote attacker could execute arbitrary code via unknown attack vectors. Solution Please refer to the 'Vendor Information' section for the offici...
Hitachi IT Operations Director Cross-Site Scripting Vulnerability
Overview Hitachi IT Operations Director contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Hitachi IT Operations Analyzer Cross-Site Scripting Vulnerability
Overview Hitachi IT Operations Analyzer contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
glucose 2 vulnerable to arbitrary script execution
Overview glucose 2 is vulnerable to arbitrary script execution. glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
JVN#65869891: glucose 2 vulnerable to arbitrary script execution
glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Impact An arbitrary script may be executed on the vulnerable system. Solution Update the software Update to the latest version...
osCommerce Japanese version vulnerable to cross-site scripting
Overview osCommerce Japanese version contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this...
osCommerce vulnerable to cross-site scripting
Overview osCommerce contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
osCommerce vulnerable to directory traversal
Overview osCommerce contains a directory traversal vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to...