5625 matches found
JVN#06874657 OpenPNE authentication bypass vulnerability
OpenPNE is an open source SNS Social Networking Service software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range limitation function that may lead to an authentication bypass...
uCosminexus Portal Framework Cross-Site Scripting Vulnerability
Overview uCosminexus Portal Framework has a cross-site scripting vulnerability. Impact A remote attacker could make users of affected systems unknowingly execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
tDiary plugin tb-send.rb vulnerable to cross-site scripting
Overview tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability. Project VEX of UBsecure, Inc...
JVN#73331060 tDiary plugin tb-send.rb vulnerable to cross-site scripting
tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Update according to the information provided by the developer. Products Affected tDiary 2.2.2full set...
Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java
Overview Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications. Impact An attacker can execute arbitrary code on the target system. Solution Please refer to the 'Vendor Information' section for...
Oracle Application Server vulnerable to cross-site scripting
Overview Oracle Application Server from Oracle contains a cross-site scripting vulnerability. Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC...
WebCalenderC3 vulnerable to directory traversal
Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
WebCalenderC3 cross-site scripting vulnerability
Overview WebCalenderC3 from C3 Corp. contains a cross-site scripting vulnerability. WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a cross-site scripting vulnerability. According to the developer, they were not able to reproduce the vulnerability. However, to mitigate...
JVN#50837839 Oracle Application Server vulnerable to cross-site scripting
Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...
JVN#22247093 WebCalenderC3 vulnerable to directory traversal
WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#33977065 WebCalenderC3 cross-site scripting vulnerability
WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a cross-site scripting vulnerability. According to the developer, they were not able to reproduce the vulnerability. However, to mitigate against potential security risks, the developer has released a security enhanced...
Movable Type access restriction bypass vulnerability
Overview Movable Type contains an access restriction bypass vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or...
JVN#09872874 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or modify information stored by Movable Type. Solution Update the Software...
Fujitsu Interstage and Systemwalker SSL Vulnerabilities
Overview Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below: - A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate. - A vulnerability that makes it possible to make an SSL connection using a server or client...
StartTLS not enabled in Hitachi Storage Command Suite products
Overview When a Hitachi Storage Command Suite product uses an LDAP directory server as the server to be used for external authentication, StartTLS won't be enabled even if it is specified as the connection protocol. Impact StartTLS won't be enabled even if it is specified as the connection...
P forum vulnerable to directory traversal
Overview P forum from Rocomotion contains a directory traversal vulnerability. P forum from Rocomotion is a bulletin board software. P forum contains a directory traversal vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Active! mail 2003 cookie disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which cookies may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Kenichi Maehashi of CIS RAT at Hosei Universi...
Active! mail 2003 session ID disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which session IDs may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Kenichi Maehashi of CIS RAT at Hosei...
Active! mail 2003 cross-site scripting vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...
JVN#00152874 P forum vulnerable to directory traversal
P forum from Rocomotion is a bulletin board software. P forum contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer. This...
SEIL/B1 authentication issue
Overview SEIL/B1 contains an issue in the implementation of the PPP Access Concentrator PPPAC function, which may allow replay attacks to be performed during the authentication process. The PPP Access Concentrator PPPAC function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2...
JVN#49602378 SEIL/B1 authentication issue
The PPP Access Concentrator PPPAC function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes, the same challenge value is repeatedly used for each authentication attempt. Impact A third party may be able to perform replay attacks. As a result, the third party ma...
JVN#36207497 Active! mail 2003 cookie disclosure vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email could be viewed or configurations could be...
JVN#49083120 Active! mail 2003 cross-site scripting vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...
JVN#85821104 Active! mail 2003 session ID disclosure vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...
EC-CUBE information disclosure vulnerability
Overview EC-CUBE from LOCKON CO.,LTD. contains an information disclosure vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that...
JVN#79762947 EC-CUBE information disclosure vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that is saved by EC-CUBE. Solution Update the Software Apply the latest updates provided by...
Redmine vulnerable to cross-site request forgery
Overview Redmine contains a cross-site request forgery vulnerability. Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Redmine vulnerable to cross-site scripting
Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#87341298 Redmine vulnerable to cross-site request forgery
Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into Redmine, an arbitrary ticket may be deleted. Solution Update the Software Update to the latest version according to the information...
JVN#01245481 Redmine vulnerable to cross-site scripting
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...
Roundcube Webmail vulnerable to cross-site request forgery
Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site requesst forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...
Roundcube Webmail vulnerable to cross-site request forgery
Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site requesst forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...
JVN#72974205 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN75694913. Impact An attacker may be able to alter the user information within Roundcube...
JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact An attacker may be able to send arbitrary emails. Solution Update the...
SEIL/X Series and SEIL/B1 denial of service vulnerability
Overview SEIL/X Series and SEIL/B1 contain a denial of service DoS vulnerability. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the NAT function, which may lead to a denial of service DoS vulnerability. Impact When processing a specially...
SEIL/X Series and SEIL/B1 buffer overflow vulnerability
Overview SEIL/X Series and SEIL/B1 contain a buffer overflow vulnerability. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability. Impact When processing a specially...
JVN#13011682 SEIL/X Series and SEIL/B1 denial of service vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the NAT function, which may lead to a denial of service DoS vulnerability. Impact When processing a specially crafted packet, a remote attacker may cause a denial of service. Solution Update the...
JVN#06362164 SEIL/X Series and SEIL/B1 buffer overflow vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability. Impact When processing a specially crafted URL, a remote attacker may be able to execute arbitrary code. Solution...
Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
Overview Implementations of Internet Protocol version 6 IPv6 may be vulnerable to denial of service DoS attacks. Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol RFC4861, which may lead to a denial of service vulnerablility. For more...
JVN#75368899: Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol RFC4861, which may lead to a denial of service vulnerablility. Impact Reception of a large number of packets from a malicious third party that is on the same link within the network ma...
Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
Overview Canon IT Solutions Inc. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS Inc. reported this vulnerabili...
JVN#33822756 Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple products groupware etc. provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN50342989, and JVN90712589. Takeshi Terada of Mitsui Bussan Secure Directions,...
JVN#23108985: Multiple Cybozu products vulnerable to cross-site scripting
Multiple products groupware etc. provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN50342989, and JVN90712589. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...
SugarCRM vulnerable to cross-site scripting
Overview SugarCRM contains a cross-site scripting vulnerability. SugarCRM is a customer relationship management CRM software. SugarCRM contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#84396512 SugarCRM vulnerable to cross-site scripting
SugarCRM is a customer relationship management CRM software. SugarCRM contains a cross-site scripting vulnerability. Impact If a user views a malicious page and clicks the print icon while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
Directory traversal vulnerability in multiple phpspot products
Overview Multiple products provided by phpspot contain a directory traversal vulnerablility. Multiple products BBS Software etc. provided by phpspot contain a directory traversal vulnerablility. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/...
Cross-site scripting vulnerability in multiple phpspot products
Overview Multiple products provided by phpspot contain a cross-site scripting vulnerablility. Multiple products BBS Software etc. provided by phpspot contain a cross-site scripting vulnerablility. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
JVN#53591199 Cross-site scripting vulnerability in multiple phpspot products
Multiple products BBS Software etc. provided by phpspot contain a cross-site scripting vulnerablility. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to latest version according to the information provided by developer. Products Affected...