5625 matches found
Multiple SKYARC System Co., Ltd. products fail to restrict access permissions
Overview Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the...
JVN#41032068: Multiple SKYARC System Co., Ltd. products fail to restrict access permissions
MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the appropriate privileges may alter settings and files. Solution Apply an update Update to the latest version according to the informati...
JVN#56667137: Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery
MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into MTCMS or a Movable Type implementation with any of the plugins from "Products Affected" running, information...
Touhou Hisouten vulnerable to denial-of-service
Overview Touhou Hisouten from Twilight Frontier contains a denial-of-service DoS vulnerability. Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Yu...
Multiple D-Link products vulnerable to buffer overflow
Overview Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated wit...
FFFTP may insecurely load executable files
Overview FFFTP may use unsafe methods for determining how to load executables .exe FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC...
JVN#50227837: Touhou Hisouten vulnerable to denial-of-service
Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Impact A remote attacker may cause an unexpected application termination. Solution Apply a patch...
JVN#72640744: Multiple D-Link products vulnerable to buffer overflow
Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Impact A remote attacker may cause a denial of service DoS or execute arbitrary code. Solution Update the Firmware Update to the latest version of firmware according to the information provided by...
JVN#62336482: FFFTP may insecurely load executable files
FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest...
Safari for iOS vulnerable to cross-site scripting
Overview Safari for iOS provided by Apple contains a cross-site scripting vulnerability. Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc...
JVN#41657660: Safari for iOS vulnerable to cross-site scripting
Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Impact Opening a maliciously crafted file may lead to an arbitrary script being executed on the user's web browser. Solution Update...
EC-CUBE vulnerable to SQL injection
Overview EC-CUBE contains a SQL injection vulnerability. EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue in assembling SQL statements, leading to a SQL injection vulnerability. This vulnerability is different from JVN81111541...
DBD::mysqlPP vulnerable to SQL injection
Overview DBD::mysqlPP contains a SQL injection vulnerability. DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#44496332: EC-CUBE vulnerable to SQL injection
EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue in assembling SQL statements, leading to a SQL injection vulnerability. This vulnerability is different from JVN81111541 and JVN19072922. Impact A remote, unauthenticated attacke...
JVN#51216285: DBD::mysqlPP vulnerable to SQL injection
DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability. Impact An attacker may view or alter information stored in the database. Solution Do not use DBD::mysqlPP According to the developer, "DBD::mysqlPP was developed as a jok...
DAEMON Tools vulnerable to denial-of-service
Overview DAEMON Tools contains a denial-of-service DoS vulnerability. DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service DoS vulnerability. Satoshi Tanda of Fourteenforty Research Institute Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...
Pligg vulnerable to cross-site scripting
Overview Pligg contains a cross-site scripting vulnerability. Pligg is a Content Management System CMS. Pligg contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
Plume vulnerable to cross-site scripting
Overview Plume contains a cross-site scripting vulnerability. Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
JVN#07414354: DAEMON Tools vulnerable to denial-of-service
DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service DoS vulnerability. Impact An attacker that can login to the system with the software running may cause the system to crash. Solution Update the Software Update to the latest version according to the...
JVN#04013920: Pligg vulnerable to cross-site scripting
Pligg is a Content Management System CMS. Pligg contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected...
JVN#08307791: Plume vulnerable to cross-site scripting
Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged in as administrator. Solution Update the Software Update to the latest version according to the information provide...
WEB FORUM vulnerable to cross-site scripting
Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin-board software. WEB FORUM contains a vulnerability in handling web form entries, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure...
WEB FORUM vulnerable to cross-site scripting
Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure...
WEB FORUM vulnerable to cross-site scripting
Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui...
Cybozu Office vulnerable in restricting access
Overview Cybozu Office contains a vulnerability in restricting access permissions. Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
A-Form vulnerable in restricting access
Overview A-Form contains a vulnerability in restricting access permissions. A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not hav...
Enkai-kun vulnerable to cross-site scripting
Overview Enkai-kun provided by utage.org contains a cross-site scripting vulnerability. Ayumi Yamaguchi of Niconicom Co.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be execut...
JVN#89764731: WEB FORUM vulnerable to cross-site scripting
WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according ...
JVN#80971236: WEB FORUM vulnerable to cross-site scripting
WEB FORUM provided by KENT-WEB is a bulletin-board software. WEB FORUM contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
JVN#36684331: WEB FORUM vulnerable to cross-site scripting
WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the lates...
JVN#03869266: Enkai-kun vulnerable to cross-site scripting
Enkai-kun provided by utage.org contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Versions prior t...
JVN#84838479: Cybozu Office vulnerable in restricting access
Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Impact A user without the appropriate privileges may view an arbitrary user's attendance information. Solution Upgrade the Software Upgrade to Cybozu Office 9 that has addressed this...
JVN#34980730: A-Form vulnerable in restricting access
A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not have administrative privileges. Solution Update the Software Update to the late...
BaserCMS vulnerable to access restriction
Overview BaserCMS contains a vulnerability in access restriction. BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Masako Ohn...
BaserCMS vulnerable to cross-site scripting
Overview BaserCMS contains a cross-site scripting vulnerability. BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a cross-site scripting vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#16617002: BaserCMS vulnerable to access restriction
BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Impact Users without administrative privileges may obtain administrative...
JVN#09789751: BaserCMS vulnerable to cross-site scripting
BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
SemanticScuttle vulnerable to cross-site scripting
Overview SemanticScuttle contains a cross-site scripting vulnerability. SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#28973089: SemanticScuttle vulnerable to cross-site scripting
SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...
Megalith vulnerable to authentication bypass
Overview Megalith contains an authentication bypass vulnerability. Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to...
JVN#45458289: Megalith vulnerable to authentication bypass
Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected...
GTK+ may insecurely load dynamic libraries
Overview GTK+ may use unsafe methods for determining how to load DLLs. GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IP...
Juniper Networks IDP ACM vulnerable to cross-site scripting
Overview Juniper Networks IDP ACM Appliance Configuration Manager contains a cross-site scripting vulnerability. Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Lt...
Sage vulnerable to arbitrary script execution
Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN30221194. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...
Sage vulnerable to arbitrary script execution
Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN99203127. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...
Multiple vulnerabilities in Phorum
Overview Phorum contains multiple vulnerabilities. Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#71435255: Multiple vulnerabilities in Phorum
Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Impact An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in. Solution Update the software Update to the lates...
JVN#44642341: Juniper Networks IDP ACM vulnerable to cross-site scripting
Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...
JVN#99203127: Sage vulnerable to arbitrary script execution
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...
JVN#30221194: Sage vulnerable to arbitrary script execution
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...