JP1/NETM/Remote Control Agent Authentication Bypass Vulnerability
Overview A vulnerability in the file transfer feature in the JP1/NETM/Remote Control Agent may allow authentication bypass. Impact A remote attacker could manipulate arbitrary files on the system installed with the Remote Control Agent. Solution Please refer to the 'Vendor Information' section for...
Denial of Service (DoS) Vulnerability in JP1/Desktop Navigation Built-in Database
Overview When JP1/Desktop Navigation used in a cluster environment receives unexpected data, the built-in database process and unit abend, which may cause the management server service to fall into a denial of service DoS condition. Impact A remote attacker could cause a denial of service DoS...
Denial of Service (DoS) Vulnerability in Hitachi Storage Command Suite Built-in Database
Overview A built-in database in Hitachi Storage Command Suite HSCS abends upon receiving maliciously-crafted data intended to exploit its denial of service DoS vulnerability. As a result, HSCS may become not operational or shutdown, for example, making operations from the screen and access to the...
Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Overview Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI...
JVN#35605523: Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Impact An arbitrary script may be executed on the user...
Denial of Service (DoS) Vulnerability in JP1/NETM
Overview A Built-in database in JP1/NETM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be restarted by rebooting JP1/IM. Impact A remote...
Denial of Service (DoS) Vulnerability in JP1/Integrated Manager and JP1/Integrated Management
Overview A Built-in database in JP1/Integrated Manager and JP1/Integrated Management JP1/IM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be...
Denial of Service (DoS) Vulnerability in JP1/PAM
Overview A Built-in database in JP1/Performance Analysis - Manager and JP1/Performance Management - Analysis Manager JP1/PAM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the...
Denial of Service (DoS) Vulnerability in JP1/AJS Built-in Database
Overview A Built-in database used by JP1/Automatic Job Management System 3 JP1/AJS3 - Manager and JP1/Automatic Job Management System 2 JP1/AJS2 - Manager contains a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. As a result, Job operations of...
Denial of Service (DoS) Vulnerability in JP1/ServerConductor/Control Manager
Overview A built-in database in JP1/ServerConductor/Control Manager contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the process abends, the service can be restarted by rebooting th...
Denial of Service (DoS) Vulnerability in Cosminexus
Overview Cosminexus series products contain a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. After it abends, the service can be restarted by rebooting the system. Impact A remote attacker could cause a denial of service DoS condition. Solution...
moobbs2 vulnerable to cross-site scripting
Overview moobbs2 contains a cross-site scripting vulnerability. moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
moobbs vulnerable to cross-site scripting
Overview moobbs contains a cross-site scripting vulnerability. moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#24423311: moobbs vulnerable to cross-site scripting
moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
JVN#75101998: moobbs2 vulnerable to cross-site scripting
moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...
SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability
Overview SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does not properly function in strict mode. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does...
JVN#12683004: SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does not properly function in strict mode. Impact Packets that should be discarded, such as when an IP address is spoofed, may be transferred without being...
Winny vulnerable to buffer overflow
Overview Winny contains a buffer overflow vulnerability. Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Moti Joseph and Kobi Pariente reported this vulnerability to JPCERT/CC. JPCERT/CC...
Winny vulnerable to buffer overflow
Overview Winny contains a buffer overflow vulnerability. Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Makoto Iwamura of NTT Information Sharing Platform Laboratories reported this...
Winny node information processing vulnerability
Overview Winny contains a vulnerability in the processing of node information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Fuyumasa Takatsu of University of...
Winny BBS information processing vulnerability
Overview Winny contains a vulnerability in the processing of BBS information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Yuji Ukai of eEye Digital Security...
JVN#21471805: Winny vulnerable to buffer overflow
Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Impact A remote attacker may be able to execute arbitrary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...
JVN#25393522: Winny node information processing vulnerability
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use o...
JVN#54336184: Winny BBS information processing vulnerability
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use of...
JVN#91740962: Winny vulnerable to buffer overflow
Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Impact A remote attacker may be able to execute arbitrary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...
Microsoft Windows denial of service (DoS) vulnerability
Overview Microsoft Windows contains a denial of service DoS vulnerability. Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Darren Willis of Fourteenforty Research Institute Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#86832361 Microsoft Windows denial of service (DoS) vulnerability
Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Impact A remote attacker could possibly cause a denial of service DoS by sending specially crafted IPv6 packets. Solution Update the software Update to the latest version...
Arbitrary Code Execution Vulnerability in JP1/Cm2/Network Node Manager
Overview JP1/Cm2/Network Node Manager contains a vulnerability that could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...
Denial of Service (DoS) Vulnerability in HiRDB
Overview HiRDB contains a vulnerability that could cause a denial of service DoS condition. The vulnerability is due to the HiRDB process and unit abending when the HiRDB process receives unexpected data. After the HiRDB unit abends, the service can be restarted by rebooting HiRDB. Impact A remot...
Internet Navigware Server Information Disclosure Vulnerability
Overview Internet Navigware Server is vulnerable to information disclosure or data tampering. Impact A remote attacker could disclose or alter information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Forced Shutdown or Restart with JP1/ServerConductor/Deployment Manager
Overview JP1/ServerConductor/Deployment Manager's Client Service for DPM has a vulnerability which could cause a shutdown or restart of the client computer when receiving ill-formed data. Impact A remote attacker could shut down or restart the target system. Solution Please refer to the 'Vendor...
Explzh buffer overflow vulnerability
Overview Explzh contains a buffer overflow vulnerability. Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Note that versions of Explzh that contain "Arcext.dll" version 2.16...
Cross-Site Scripting Vulnerability in Interstage Portalworks and Interstage Interaction Manager Portal Function
Overview The portal function of Interstage Portalworks and Interstage Interaction Manager is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected browser. Solution Please refer to the 'Vendor Information' section for the official...
Groupmax World Wide Web Desktop Cross-Site Scripting Vulnerability
Overview Groupmax World Wide Web Desktop is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Improper Authentication Vulnerability in Handling of Revoked Certificate in Hitachi Web Server SSL Client Authentication
Overview SSL client authentication in Hitachi Web Server has a vulnerability which allows an attacker to access a Hitachi Web Server using the client certificates registered in the Certification Revocation List CRL. This vulnerability does not apply if SSL or SSL client authentication is not in...
TP1/Message Control Denial of Service (DoS) Vulnerability
Overview The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service DoS condition...
JVN#34729123 Explzh buffer overflow vulnerability
Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Impact When processing a specially crafted LHA file, a remote attacker may be able to execute arbitrary code. Solution Update...
Multiple vulnerabilities in ActiveGeckoBrowser
Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...
JVN#67120749 Multiple vulnerabilities in ActiveGeckoBrowser
ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attacker may execute an arbitrary code or script, or conduct a denial of service DoS...
Stack-Based Buffer Overflow Vulnerability in Collaboration Common Utility
Overview Collaboration Common Utility, a component of multiple Hitachi products, is vulnerable to stack-based buffer overflow when the Drag and Drop Component for Collaboration feature is also installed. Impact No details available. Solution Please refer to the 'Vendor Information' section for th...
Arbitrary Code Execution Vulnerability in CA ARCserve Backup and BrightStor ARCserve Backup
Overview The version of JRE shipped with CA ARCserve Backup and BrightStor ARCserve Backup is vulnerable to arbitrary code execution. Impact A remote attacker could execute arbitrary code on the affected system. Solution Please refer to the 'Vendor Information' section for the official...
e-Pares vulnerable to session fixation
Overview e-Pares contains a session fixation vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a session fixation vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web application...
e-Pares vulnerable to cross-site request forgery
Overview e-Pares contains a cross-site request forgery vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the...
e-Pares vulnerable to cross-site scripting
Overview e-Pares contains a cross-site scripting vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web...
JVN#36925871: e-Pares vulnerable to session fixation
e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user may perform arbitrary operations. As a result, disclosure or alteration of information may occur. Solution Updat...
JVN#82465391: e-Pares vulnerable to cross-site request forgery
e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into e-Pares, facility reservation data may be altered. Solution Update the Software Update to the latest...
JVN#58439007: e-Pares vulnerable to cross-site scripting
e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability is different from JVN98467259. The "Ichitaro" series word processing software, from JustSystems Corporation contains a...
JVN#17293765 Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...
XMAP3 Arbitrary Code Execution Vulnerability
Overview An arbitrary code execution vulnerability exists in the system installed with XMAP3/Web, or it may experience unexpected shutdown of Internet Explorer. The same issues exist in the Web browser testing tool, a web system development feature that comes with XMAP3/NET and XMAP3/Enterprise...