Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability
Overview An arbitrary code execution vulnerability exists in several EUR Form and EUR products. Impact A remote attacker could execute arbitrary code through the affected web pages. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...
CapsSuite Small Edition PatchMeister vulnerable to denial of service
Overview CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability. CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability. Servers or...
WebSAM DeploymentManager vulnerable to denial of service
Overview WebSAM DeploymentManager contains a denial of service (DoS) vulnerability. WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service (DoS) vulnerability. Servers or workstations that installed "Client Servic...
Interstage Application Server vulnerable in request processing
Overview The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests are not processed properly. The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certa...
JVN#90248889: Interstage Application Server vulnerable in request processing
The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device. Impact Invalid requests may be processed or user information may be leaked...
JVN#90872372 WebSAM DeploymentManager vulnerable to denial of service
WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service (DoS) vulnerability. Impact On a server or workstation with "Client Service for DPM" installed, a remote attacker may shut down or restart the operating...
JVN#82749282 CapsSuite Small Edition PatchMeister vulnerable to denial of service
CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability. Impact On a server or workstation with "Client Service for PTM" installed, a remote attacker may shut down or...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
JVN#92854093 Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
Multiple Cybozu products vulnerable to authentication bypass
Overview Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restricted, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of ...
JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restricted, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product. Impact A remote attacker may view or modify information stored b...
Ichitaro series vulnerable to arbitrary code execution
Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Fo...
JVN#98467259 Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...
Accela BizSearch Access Control Bypass Vulnerability
Overview The local file searching function in IntelligentSearch and Accela BizSearch is prone to an access control bypass vulnerability. Impact Users without permission can access restricted files on the local Windows machine via the BizSearch search results. Solution Please refer to the 'Vendor...
Cisco Router and Security Device Manager vulnerable to cross-site scripting
Overview Cisco Router and Security Device Manager (SDM) contains a cross-site scripting vulnerability. Cisco Router and Security Device Manager (SDM) is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager (SDM) contains a cross-site scripting vulnerability...
MODx vulnerable to cross-site scripting
Overview MODx provided by The MODx CMS Project contains a cross-site scripting vulnerability. MODx provided by the MODx CMS Project is Content Management System (CMS) software. MODx contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported th...
MODx vulnerable to SQL injection
Overview MODx provided by The MODx CMS Project contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is Content Management System (CMS) software. MODx contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerabili...
Internet Explorer information disclosure vulnerability
Overview Internet Explorer contains an information disclosure vulnerability. Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerabili...
JVN#46669729 MODx vulnerable to cross-site scripting
MODx provided by the MODx CMS Project is Content Management System (CMS) software. MODx contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
JVN#19774883 MODx vulnerable to SQL injection
MODx provided by the MODx CMS Project is Content Management System (CMS) software. MODx contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information...
JVN#14313132 Cisco Router and Security Device Manager vulnerable to cross-site scripting
Cisco Router and Security Device Manager (SDM) is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager (SDM) contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Upda...
JVN#49467403 Internet Explorer information disclosure vulnerability
Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Impact When a user opens a specially crafted web page, an attacker may be able to obtain sensitive information. Solution Update the software Apply the...
HL-SiteManager vulnerable to SQL injection
Overview HL-SiteManager from Heartlogic contains a SQL injection vulnerability. HL-SiteManager from Heartlogic is content management system (CMS) software. HL-SiteManager contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wit...
Compiere vulnerable to cross-site scripting
Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...
Compiere vulnerable to cross-site scripting
Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...
PrettyFormMail vulnerable to cross-site scripting
Overview PrettyFormMail from PrettyBook contains a cross-site scripting vulnerability. PrettyFormMail from PrettyBook is software that sends emails with contents that are input into an HTML form. PrettyFormMail contains a cross-site scripting vulnerability. Masako Ohono reported this vulnerabili...
JVN#60969543 HL-SiteManager vulnerable to SQL injection
HL-SiteManager from Heartlogic is content management system (CMS) software. HL-SiteManager contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Do not use HL-SiteManager As patches will not be provided, users are...
JVN#41842181 PrettyFormMail vulnerable to cross-site scripting
PrettyFormMail from PrettyBook is software that sends emails with contents that are input into an HTML form. PrettyFormMail contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use PrettyFormMail As patches will not ...
JVN#57963254 Compiere vulnerable to cross-site scripting
Compiere provided by Almas Inc. is Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN38687002. Impact When a user is logged into Compiere, an arbitrary script may b...
JVN#38687002 Compiere vulnerable to cross-site scripting
Compiere provided by Almas Inc. is Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN57963254. Impact An arbitrary script may be executed on the user's web browser...
ATOK screen lock bypass vulnerability
Overview ATOK from JustSystems Corporation contains a screen lock bypass vulnerability. ATOK from JustSystems Corporation is software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN29211062, JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich...
JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability
Overview Computer systems running the JP1/Cm2/Network Node Manager (NNM) Remote Console for Windows are vulnerable due to insecure file permissions set on the systems. Impact A local attacker could replace the affected files provided by the NNM Remote Console with arbitrary files. Solution Please...
OpenPNE authentication bypass vulnerability
Overview OpenPNE contains an authentication bypass vulnerability. OpenPNE is open source SNS (Social Networking Service) software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range...
JVN#06874657 OpenPNE authentication bypass vulnerability
OpenPNE is open source SNS (Social Networking Service) software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range limitation function that may lead to an authentication bypass...
uCosminexus Portal Framework Cross-Site Scripting Vulnerability
Overview uCosminexus Portal Framework has a cross-site scripting vulnerability. Impact A remote attacker could make users of affected systems unknowingly execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
tDiary plugin tb-send.rb vulnerable to cross-site scripting
Overview tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. tDiary is weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability. Project VEX of UBsecure, Inc...
JVN#73331060 tDiary plugin tb-send.rb vulnerable to cross-site scripting
tDiary is weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Update according to the information provided by the developer. Products Affected tDiary 2.2.2full set...
Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java
Overview Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications. Impact An attacker can execute arbitrary code on the target system. Solution Please refer to the 'Vendor Information' section for...
Oracle Application Server vulnerable to cross-site scripting
Overview Oracle Application Server from Oracle contains a cross-site scripting vulnerability. Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC...
WebCalenderC3 vulnerable to directory traversal
Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is calendar software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
WebCalenderC3 cross-site scripting vulnerability
Overview WebCalenderC3 from C3 Corp. contains a cross-site scripting vulnerability. WebCalenderC3 from C3 Corp. is calendar software. WebCalenderC3 contains a cross-site scripting vulnerability. According to the developer, they were not able to reproduce the vulnerability. However, to mitigate...
JVN#50837839 Oracle Application Server vulnerable to cross-site scripting
Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
JVN#22247093 WebCalenderC3 vulnerable to directory traversal
WebCalenderC3 from C3 Corp. is calendar software. WebCalenderC3 contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#33977065 WebCalenderC3 cross-site scripting vulnerability
WebCalenderC3 from C3 Corp. is calendar software. WebCalenderC3 contains a cross-site scripting vulnerability. According to the developer, they were not able to reproduce the vulnerability. However, to mitigate against potential security risks, the developer has released a security enhanced...
Movable Type access restriction bypass vulnerability
Overview Movable Type contains an access restriction bypass vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or...
JVN#09872874 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or modify information stored by Movable Type. Solution Update the Software...
Fujitsu Interstage and Systemwalker SSL Vulnerabilities
Overview Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below: - A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate. - A vulnerability that makes it possible to make an SSL connection using a server or client...
StartTLS not enabled in Hitachi Storage Command Suite products
Overview When a Hitachi Storage Command Suite product uses an LDAP directory server as the server to be used for external authentication, StartTLS won't be enabled even if it is specified as the connection protocol. Impact StartTLS won't be enabled even if it is specified as the connection...
P forum vulnerable to directory traversal
Overview P forum from Rocomotion contains a directory traversal vulnerability. P forum from Rocomotion is bulletin board software. P forum contains a directory traversal vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...