5625 matches found
AttacheCase may insecurely load executable files
Overview AttacheCase may use unsafe methods for determining how to load executables .exe. AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables .exe when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search pat...
JVN#02175694: AttacheCase may insecurely load executable files
AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables .exe when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code wi...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Fo...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined. Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. For more information, refer to the information...
JVN#30273074: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Produc...
JVN#62275332: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Products Affected Internet...
JVN#21120853: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by...
JVN#33301529: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft...
EUR Form Client Arbitrary File Execution Vulnerability
Overview EUR Form Client has an arbitrary file execution vulnerability. Impact A remote attacker could execute arbitrary file on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Interstage Application Server Information Disclosure Vulnerability
Overview Interstage Application Server has an information disclosure vulnerability when used in a J2EE environment. Impact By taking the specific steps, a remote attacker could access the files and directories in the server to which J2EE applications are deployed, and the confidential information...
Movable Type vulnerable to SQL injection
Overview Movable Type contains SQL injection vulnerability. Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according ...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
Vulnerability in Epson printer driver installer where access permissions are changed
Overview A vulnerability in printer driver installers provided by Epson cause access permissions to a certain folder on the system to be changed. When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. A...
JVN#36673836: Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed
When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. As a result, users that do not have permission to access that folder can gain access to that folder. Impact A user that does not have permission to...
JVN#78536512: Movable Type vulnerable to SQL injection
Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
Clipboard contents alteration vulnerability in Grani
Overview Grani contains a vulnerability in which the contents of the clipboard may be altered. Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the...
Clipboard contents alteration vulnerability in Sleipnir
Overview Sleipnir contains a vulnerability in which the contents of the clipboard may be altered. Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the conten...
JVN#64764004: Clipboard contents alteration vulnerability in Sleipnir
Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the...
JVN#76662040: Clipboard contents alteration vulnerability in Grani
Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard ma...
Google Chrome information disclosure vulnerability
Overview Google Chrome contains an information disclosure vulnerability. Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
Safari address bar spoofing vulnerability
Overview Safari contains a vulnerability where the URL displayed in the address may be spoofed. Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact Phishing attacks may be possible, due to th...
JVN#46026251: Safari address bar spoofing vulnerability
Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed...
JVN#36765384: Google Chrome information disclosure vulnerability
Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Impact When viewing a specially crafted web page, information may be disclosed. Solution Update the Software Update to the latest version according to the information provided by the...
Flash Player access restriction bypass vulnerability
Overview Flash Player contains an access restriction bypass vulnerability. When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access...
JVN#48425028: Flash Player access restriction bypass vulnerability
When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed. Impact...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from JVN19173793, and other issues that were previously published on JVN. Impact When opening a specially crafted file...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from JVN01948274, and other issues that were previously published on JVN. Impact When opening a specially crafted file...
JVN#01948274: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...
JVN#19173793: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...
GVim may insecurely load dynamic libraries
Overview GVim may use unsafe methods for determining how to load DLLs. GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this vulnerability t...
JVN#27868039: GVim may insecurely load dynamic libraries
GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update the...
Active! mail 6 vulnerable to HTTP header injection
Overview Active! mail 6 from TransWARE Co. contains a HTTP header injection vulnerability. Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA...
JVN#72541530: Active! mail 6 vulnerable to HTTP header injection
Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...
Apsaly may insecurely load executable files
Overview Apsaly may use unsafe methods for determining how to load executables .exe. Apsaly is a text editor that can interact with other applications. Apsaly loads certain executables when opening the folder that contains the file that is being edited, or when a particular sequence of actions ar...
TeraPad may insecurely load dynamic libraries
Overview TeraPad may use unsafe methods for determining how to load DLLs. TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this...
Multiple Yokka provided products may insecurely load executable files
Overview Multiple products provided by Yokka may use unsafe methods for determining how to load executables .exe. Multiple products provided by Yokka such as text editors, contain an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerabili...
Sleipnir and Grani may insecurely load executable files
Overview Sleipnir and Grani may use unsafe methods for determining how to load executables .exe. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain ...
Sleipnir and Grani may insecurely load dynamic libraries
Overview Sleipnir and Grani may use unsafe methods for determining how to load DLLs. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurel...
JVN#07497935: Multiple Yokka provided products may insecurely load executable files
Multiple products provided by Yokka such as text editors, contain an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update the Software Update to the latest version...
JVN#89272705: Sleipnir and Grani may insecurely load executable files
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain an issue with the file search path, which may insecurely load executables. Impact An attacker may...
JVN#50610528: Sleipnir and Grani may insecurely load dynamic libraries
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the...
JVN#71138390: Apsaly may insecurely load executable files
Apsaly is a text editor that can interact with other applications. Apsaly loads certain executables when opening the folder that contains the file that is being edited, or when a particular sequence of actions are performed. Apsaly contains an issue with the file search path, which may insecurely...
JVN#48097065: TeraPad may insecurely load dynamic libraries
TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...
Archive Decoder may insecurely load executable files
Overview Archive Decoder may use unsafe methods for determining how to load executables .exe. Archive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Makoto...
Explzh may insecurely load executable files
Overview Explzh may use unsafe methods for determining how to load executables .exe. Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may...
K2Editor may insecurely load executable files
Overview K2Editor may use unsafe methods for determining how to load executables .exe. K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may...
XacRett may insecurely load executable files
Overview XacRett may use unsafe methods for determining how to load executables .exe. XacRett is a file extraction software that supports many file formats. XacRett loads certain executables .exe when extracting files. XacRett contains an issue with the file search path, which may insecurely load...