5625 matches found
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Sen UENO of Tricorder Co. Ltd...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#54074460: Multiple Cybozu products vulnerable to cross-site scripting
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the lates...
JVN#80877328: Multiple Cybozu products vulnerable to cross-site scripting
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to...
JVN#59779256: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the latest version according to the information provided by the developer...
JVN#55508059: Cybozu Office vulnerable to cross-site scripting
Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the late...
WeblyGo vulnerable to cross-site scripting
Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...
JVN#43386477: WeblyGo vulnerable to cross-site scripting
WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. The "Ichitaro" series word processing software, from...
Microsoft MSXML vulnerability in HTTP request processing
Overview MSXML provided by Microsoft contains a vulnerability in the processing of HTTP requests. MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to...
Microsoft Outlook read receipt function vulnerability
Overview Microsoft Outlook contains a vulnerability in the read receipt function. Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Ayako Kozakai of NTT DATA SECURITY CORPORATION...
ASP.NET vulnerable to cross-site scripting
Overview ASP.NET contains a cross-site scripting vulnerability. ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Masato Anzai of Mitsui Bussan Secure Directions, Inc. reported this vulnerabilit...
Internet Explorer vulnerable to cross-site scripting
Overview Internet Explorer contains a cross-site scripting vulnerability. Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
Clipboard contents alteration vulnerability in Internet Explorer
Overview Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the...
Microsoft Windows VBScript implementation file name disclosure vulnerability
Overview The Microsoft Windows VBScript implementation contains a file name disclosure vulnerability. When VBScript is used to load an image file in Internet Explorer, there is a vulnerability where an unauthenticated attacker may confirm the existence of a particular file. Impact As a step prior...
JVN#87239473: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...
JVN#63451350: Clipboard contents alteration vulnerability in Internet Explorer
Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard may be leaked or...
JVN#72586781: ASP.NET vulnerable to cross-site scripting
ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...
JVN#73643130: Microsoft MSXML vulnerability in HTTP request processing
MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server. Impact When going through a proxy server, information such as authentication...
JVN#40382909: Microsoft Outlook read receipt function vulnerability
Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...
JVN#26408023: Internet Explorer vulnerable to cross-site scripting
Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Impact An arbitrary script may be executed on the user's web browser when the setting for "Use folder view for FTP sites" is turned off. Note that this setting is turned on by default...
Java Web Start may insecurely load dynamic libraries
Overview Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path...
Java Web Start may insecurely load settings files
Overview Java Web Start provided Oracle may use unsafe methods for determining how to load settings files. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file...
Java Web Start may insecurely load policy files
Overview Java Web Start provided Oracle may use unsafe methods for determining how to load policy files. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file...
JVN#29212182: Java Web Start may insecurely load policy files
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load policy files. Impact An attacker may execute arbitrary code with the...
JVN#18680611: Java Web Start may insecurely load dynamic libraries
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrar...
JVN#09206238: Java Web Start may insecurely load settings files
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load settings files. Impact An attacker may execute arbitrary code with t...
WalRack upload file handilng vulnerability
Overview WalRack Walrus File Rack CGI contains a vulnerability in handling upload files. WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files. Impact An arbitrary PHP script may be executed on the server where WalRack is...
JVN#46984044: WalRack upload file handilng vulnerability
WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files. Impact An arbitrary PHP script may be executed on the server where WalRack is installed. Solution Update the Software Update to the latest version according to the...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Takesh...
JVN#45658190: Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...
iVIEW Suite vulnerable to SQL injection
Overview iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to...
JVN#77697803: iVIEW Suite vulnerable to SQL injection
iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Impact A remote attacker may view or alter the information on the system. Solution Update the Software Update to the latest version according to the...
Virus Buster 2009 key input encryption function vulnerability
Overview Virus Buster 2009 contains a vulnerability within the key input encryption function. The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted. Nobuhiro Tsuji of NTT DATA SECURI...
JVN#99175647: Virus Buster 2009 key input encryption function vulnerability
The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted. Impact When input information is stolen by a key logger, portions of the information may be leaked in plaintext. Solution Updat...
Applications that use the Windows Help function may be vulnerable to privilege escalation
Overview Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the...
La Fonera+ vulnerable to denial-of-service (DoS)
Overview La Fonera+ provided by FON contains a denial-of-service DoS vulnerability. La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service DoS vulnerability. Impact An attacker who can communicate with La Fonera+ directly may cause a denial-of-service DoS...
JVN#96839637: La Fonera+ vulnerable to denial-of-service (DoS)
La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service DoS vulnerability. Impact An attacker who can communicate with La Fonera+ directly may cause a denial-of-service DoS. Solution Update the firmware Update to the latest firmware version according to the...
JVN#63898867: Applications that use the Windows Help function may be vulnerable to privilege escalation
Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. This issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus...
EC-CUBE vulnerable to cross-site request forgery
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site request forgery vulnerability. EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Masako Oono reported this vulnerability to IP...
Multiple Buffalo routers vulnerable to cross-site request forgery
Overview Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management...
Multiple Yamaha routers vulnerable to denial-of-service (DoS)
Overview Multiple routers provided by Yamaha contain a denial-of-service vulnerability. Multiple routers provided by Yamaha contain a denial-of-service DoS vulnerability due to an issue in processing IP packets. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IP...
JVN#37878530: EC-CUBE vulnerable to cross-site request forgery
EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...
JVN#50505257: Multiple Buffalo routers vulnerable to cross-site request forgery
Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Impact If a user views a malicious page while logged into the management screen, settings...
JVN#55714408: Multiple Yamaha routers vulnerable to denial-of-service (DoS)
Multiple routers provided by Yamaha contain a denial-of-service DoS vulnerability due to an issue in processing IP packets. Impact A remote attacker may cause a denial-of-service DoS. Solution Update the firmware Update to the latest version of firmware according to the information provided by th...
Password Vault Web Access vulnerable to cross-site scripting
Overview Password Vault Web Access PVWA provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerabilit...
JVN#11424086: Password Vault Web Access vulnerable to cross-site scripting
Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Apply a patch Apply t...
Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability
Overview Hitachi Tuning Manager Software contains a cross-site scripting vulnerability. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Picasa may insecurely load executable files
Overview Picasa may use unsafe methods for determining how to load executables .exe Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load...