JP1/Performance Management - Web Console Cross-Site Scripting Vulnerability

Overview JP1/Performance Management - Web Console contains a cross-site scripting vulnerability. Impact A remote attacker could execute malicious script on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Arbitrary Code Execution Vulnerability in HiRDB Control Manager

Overview HiRDB Control Manager - Agent contains a vulnerability that could allow a remote attacker to execute arbitrary code when it receives an unexpected, invalid request. Impact A remote attacker could execute arbitrary code via an unexpected, invalid request. Solution Please refer to the...

Android vulnerability where an incorrect SSL certificate is displayed

Overview Android OS contains a vulnerability where an incorrect SSL certificate is displayed. Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site...

JVN#43105011: Android vulnerability where an incorrect SSL certificate is displayed

Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site. Impact An attacker may trick the user into believing the site being visited is safe, which may...

Mozilla Firefox vulnerable to cross-site scripting

Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

Mozilla Firefox vulnerable to cross-site scripting

Overview Mozilla Firefox contains a cross-site scripting vulnerability. Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability...

Mozilla Firefox vulnerable to denial-of-service (DoS)

Overview Mozilla Firefox contains a denial-of-service DoS vulnerability. Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported...

Mozilla Firefox vulnerability in processing content-length header

Overview Mozilla Firefox contains a vulnerability in the processing of content-length header. Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a malicious website ...

JVN#70984231: Mozilla Firefox vulnerable to denial-of-service (DoS)

Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported, a denial-of-service DoS may occur. Solution Update the Software Update ...

JVN#36721438: Mozilla Firefox vulnerability in processing content-length header

Mozilla Firefox contains a vulnerability in the processing of content-length header. Impact When a malicious website is viewed, a script may be injected within a response from another domain. Solution Update the software Update to the latest version according to the information provided by the...

JVN#74649877: Mozilla Firefox vulnerable to cross-site scripting

Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided ...

JVN#96950482: Mozilla Firefox vulnerable to cross-site scripting

Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informatio...

Plone vulnerable to cross-site scripting

Overview Plone contains a cross-site scripting vulnerability. Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

JVN#41222793: Plone vulnerable to cross-site scripting

Plone is an open source content management system CMS. Plone contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the Software Update to the latest version according to the information provided by...

Oracle iPlanet Web Server information disclosure vulnerability

Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains an information disclosure vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote...

JVN#47124169: Oracle iPlanet Web Server information disclosure vulnerability

Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability. Impact A remote attacker may obtain source code. Solution Update the software Update to the latest version according to information provided b...

ASP.NET vulnerable to cross-site scripting

Overview ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability. ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the applicatio...

Google Search Appliance vulnerable to cross-site scripting

Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...

JVN#87908726: ASP.NET vulnerable to cross-site scripting

ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the application may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...

JVN#86220950: Google Search Appliance vulnerable to cross-site scripting

Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Impact An arbitrary script may executed on the user's web browser. Solution Update the software Update to...

Internet Explorer vulnerable to cross-site scripting

Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting...

JVN#51325625: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Upgrade to the latest version according to the...

XnView may insecurely load executable files

Overview XnView may use unsafe methods for determining how to load executables .exe XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may...

Opera vulnerable to denial-of-service (DoS)

Overview Opera contains a denial-of-service vulnerability. Opera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

JVN#17844633: XnView may insecurely load executable files

XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...

JVN#47757122: Opera vulnerable to denial-of-service (DoS)

Opera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability. Impact If a user accesses a malicious URL, this may cause Opera or the system to crash. Solution Update the software Update to the latest version...

ALZip vulnerable to buffer overflow

Overview ALZip provided by ESTsoft Japan Corp. contains a buffer overflow vulnerability. ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Takahiko Funakubo of Fourteenforty Research...

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...

Header Customization by Hitachi Web Server RequetHeader Directive Could Allow Attacker to Access Data Deleted from Memory

Overview When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the modheaders module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been...

JVN#01547302: ALZip vulnerable to buffer overflow

ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact When opening a specially crafted file, arbitrary code may be executed. Solution Re-install the software Download ALZip 8.21 after...

Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office contains a cross-site scripting vulnerability. Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported...

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Sen UENO of Tricorder Co. Ltd...

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

JVN#55508059: Cybozu Office vulnerable to cross-site scripting

Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the late...

JVN#80877328: Multiple Cybozu products vulnerable to cross-site scripting

Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to...

JVN#54074460: Multiple Cybozu products vulnerable to cross-site scripting

Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the lates...

JVN#59779256: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the latest version according to the information provided by the developer...

WeblyGo vulnerable to cross-site scripting

Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...

JVN#43386477: WeblyGo vulnerable to cross-site scripting

WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...

Ichitaro series vulnerable to arbitrary code execution

Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. The "Ichitaro" series word processing software, from...

Microsoft MSXML vulnerability in HTTP request processing

Overview MSXML provided by Microsoft contains a vulnerability in the processing of HTTP requests. MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to...

Microsoft Outlook read receipt function vulnerability

Overview Microsoft Outlook contains a vulnerability in the read receipt function. Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Ayako Kozakai of NTT DATA SECURITY CORPORATION...

ASP.NET vulnerable to cross-site scripting

Overview ASP.NET contains a cross-site scripting vulnerability. ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Masato Anzai of Mitsui Bussan Secure Directions, Inc. reported this vulnerabilit...

Internet Explorer vulnerable to cross-site scripting

Overview Internet Explorer contains a cross-site scripting vulnerability. Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...

Clipboard contents alteration vulnerability in Internet Explorer

Overview Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the...

Microsoft Windows VBScript implementation file name disclosure vulnerability

Overview The Microsoft Windows VBScript implementation contains a file name disclosure vulnerability. When VBScript is used to load an image file in Internet Explorer, there is a vulnerability where an unauthenticated attacker may confirm the existence of a particular file. Impact As a step prior...