5625 matches found
Improper Authentication Vulnerability in Handling of Revoked Certificate in Hitachi Web Server SSL Client Authentication
Overview SSL client authentication in Hitachi Web Server has a vulnerability which allows an attacker to access a Hitachi Web Server using the client certificates registered in the Certification Revocation List CRL. This vulnerability does not apply if SSL or SSL client authentication is not in...
TP1/Message Control Denial of Service (DoS) Vulnerability
Overview The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service DoS condition...
JVN#34729123 Explzh buffer overflow vulnerability
Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Impact When processing a specially crafted LHA file, a remote attacker may be able to execute arbitrary code. Solution Update...
Multiple vulnerabilities in ActiveGeckoBrowser
Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...
JVN#67120749 Multiple vulnerabilities in ActiveGeckoBrowser
ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attacker may execute an arbitrary code or script, or conduct a denial of service DoS...
Stack-Based Buffer Overflow Vulnerability in Collaboration Common Utility
Overview Collaboration Common Utility, a component of multiple Hitachi products, is vulnerable to stack-based buffer overflow when the Drag and Drop Component for Collaboration feature is also installed. Impact No details available. Solution Please refer to the 'Vendor Information' section for th...
Arbitrary Code Execution Vulnerability in CA ARCserve Backup and BrightStor ARCserve Backup
Overview The version of JRE shipped with CA ARCserve Backup and BrightStor ARCserve Backup is vulnerable to arbitrary code execution. Impact A remote attacker could execute arbitrary code on the affected system. Solution Please refer to the 'Vendor Information' section for the official...
e-Pares vulnerable to session fixation
Overview e-Pares contains a session fixation vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a session fixation vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web application...
e-Pares vulnerable to cross-site request forgery
Overview e-Pares contains a cross-site request forgery vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the...
e-Pares vulnerable to cross-site scripting
Overview e-Pares contains a cross-site scripting vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web...
JVN#58439007: e-Pares vulnerable to cross-site scripting
e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...
JVN#82465391: e-Pares vulnerable to cross-site request forgery
e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into e-Pares, facility reservation data may be altered. Solution Update the Software Update to the latest...
JVN#36925871: e-Pares vulnerable to session fixation
e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user may perform arbitrary operations. As a result, disclosure or alteration of information may occur. Solution Updat...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability is different from JVN98467259. The "Ichitaro" series word processing software, from JustSystems Corporation contains a...
JVN#17293765 Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...
XMAP3 Arbitrary Code Execution Vulnerability
Overview An arbitrary code execution vulnerability exists in the system installed with XMAP3/Web, or it may experience unexpected shutdown of Internet Explorer. The same issues exist in the Web browser testing tool, a web system development feature that comes with XMAP3/NET and XMAP3/Enterprise...
Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability
Overview An arbitrary code execution vulnerability exists in several EUR Form and EUR products. Impact A remote attacker could execute arbitrary code through the affected web pages. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...
CapsSuite Small Edition PatchMeister vulnerable to denial of service
Overview CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Servers or...
WebSAM DeploymentManager vulnerable to denial of service
Overview WebSAM DeploymentManager contains a denial of service DoS vulnerability. WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service DoS vulnerability. Servers or workstations that installed "Client Servic...
Interstage Application Server vulnerable in request processing
Overview The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests are not processed properly. The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certa...
JVN#82749282 CapsSuite Small Edition PatchMeister vulnerable to denial of service
CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for PTM" installed, a remote attacker may shut down or...
JVN#90872372 WebSAM DeploymentManager vulnerable to denial of service
WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for DPM" installed, a remote attacker may shut down or restart the operating...
JVN#90248889: Interstage Application Server vulnerable in request processing
The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device. Impact Invalid requests may be processed or user information may be leaked...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
JVN#92854093 Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
Multiple Cybozu products vulnerable to authentication bypass
Overview Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of ...
JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product. Impact A remote attacker may view or modify information stored b...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Fo...
JVN#98467259 Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...
Accela BizSearch Access Control Bypass Vulnerability
Overview The local file seraching function in IntelligentSearch and Accela BizSearch is prone to an access control bypass vulnerability. Impact Users without permission can access restricted files on the local Windows machine via the BizSearch search results. Solution Please refer to the 'Vendor...
Cisco Router and Security Device Manager vulnerable to cross-site scripting
Overview Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability...
MODx vulnerable to cross-site scripting
Overview MODx provided by The MODx CMS Project contains a cross-site scripting vulnerability. MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported th...
MODx vulnerable to SQL injection
Overview MODx provided by The MODx CMS Project contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerabili...
Internet Explorer information disclosure vulnerability
Overview Internet Explorer contains an information disclosure vulnerability. Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerabili...
JVN#46669729 MODx vulnerable to cross-site scripting
MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
JVN#14313132 Cisco Router and Security Device Manager vulnerable to cross-site scripting
Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Upda...
JVN#19774883 MODx vulnerable to SQL injection
MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information...
JVN#49467403 Internet Explorer information disclosure vulnerability
Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Impact When a user opens specially crafted web page, an attacker may be able to obtain sensitive information. Solution Update the software Apply the...
HL-SiteManager vulnerable to SQL injection
Overview HL-SiteManager from Heartlogic contains a SQL injection vulnerability. HL-SiteManager from Heartlogic is a contents management system CMS software. HL-SiteManager contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wit...
Compiere vulnerable to cross-site scripting
Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...
Compiere vulnerable to cross-site scripting
Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...
PrettyFormMail vulnerable to cross-site scripting
Overview PrettyFormMail from PrettyBook contains a cross-site scripting vulnerability. PrettyFormMail from PrettyBook is a software that sends emails with contents that are input into a HTML form. PrettyFormMail contains a cross-site scripting vulnerability. Masako Ohono reported this vulnerabili...
JVN#60969543 HL-SiteManager vulnerable to SQL injection
HL-SiteManager from Heartlogic is a contents management system CMS software. HL-SiteManager contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Do not use HL-SiteManager As patches will not be provided, users are...
JVN#38687002 Compiere vulnerable to cross-site scripting
Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN57963254. Impact An arbitrary script may be executed on the user's web browser...
JVN#57963254 Compiere vulnerable to cross-site scripting
Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN38687002. Impact When a user is logged into Compiere, an arbitrary script may b...
JVN#41842181 PrettyFormMail vulnerable to cross-site scripting
PrettyFormMail from PrettyBook is a software that sends emails with contents that are input into a HTML form. PrettyFormMail contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use PrettyFormMail As patches will not ...
ATOK screen lock bypass vulnerability
Overview ATOK from JustSystems Corporation contains a screen lock bypass vulnerability. ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN29211062, JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich...
JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability
Overview Computer systems running the JP1/Cm2/Network Node Manager NNM Remote Console for Windows are vulnerable due to insecure file permissions set on the systems. Impact A local attacker could replace the affected files provided by the NNM Remote Console with arbitrary files. Solution Please...
OpenPNE authentication bypass vulnerability
Overview OpenPNE contains an authentication bypass vulnerability. OpenPNE is an open source SNS Social Networking Service software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range...