5609 matches found
Active! mail 2003 cookie disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which cookies may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Kenichi Maehashi of CIS RAT at Hosei Universi...
Active! mail 2003 session ID disclosure vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which session IDs may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Kenichi Maehashi of CIS RAT at Hosei...
Active! mail 2003 cross-site scripting vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...
JVN#00152874 P forum vulnerable to directory traversal
P forum from Rocomotion is a bulletin board software. P forum contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer. This...
SEIL/B1 authentication issue
Overview SEIL/B1 contains an issue in the implementation of the PPP Access Concentrator (PPPAC) function, which may allow replay attacks to be performed during the authentication process. The PPP Access Concentrator (PPPAC) function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2...
JVN#49602378 SEIL/B1 authentication issue
The PPP Access Concentrator (PPPAC) function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes: the same challenge value is repeatedly used for each authentication attempt. Impact A third party may be able to perform replay attacks. As a result, the third party ma...
JVN#36207497 Active! mail 2003 cookie disclosure vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email could be viewed or configurations could be...
JVN#85821104 Active! mail 2003 session ID disclosure vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...
JVN#49083120 Active! mail 2003 cross-site scripting vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...
EC-CUBE information disclosure vulnerability
Overview EC-CUBE from LOCKON CO.,LTD. contains an information disclosure vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that...
JVN#79762947 EC-CUBE information disclosure vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that is saved by EC-CUBE. Solution Update the Software Apply the latest updates provided by...
Redmine vulnerable to cross-site request forgery
Overview Redmine contains a cross-site request forgery vulnerability. Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Redmine vulnerable to cross-site scripting
Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#87341298 Redmine vulnerable to cross-site request forgery
Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into Redmine, an arbitrary ticket may be deleted. Solution Update the Software Update to the latest version according to the information...
JVN#01245481 Redmine vulnerable to cross-site scripting
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...
Roundcube Webmail vulnerable to cross-site request forgery
Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site request forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...
Roundcube Webmail vulnerable to cross-site request forgery
Overview Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site request forgery vulnerability. Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is...
JVN#72974205 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN75694913. Impact An attacker may be able to alter the user information within Roundcube...
JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact An attacker may be able to send arbitrary emails. Solution Update the...
SEIL/X Series and SEIL/B1 denial of service vulnerability
Overview SEIL/X Series and SEIL/B1 contain a denial of service (DoS) vulnerability. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the NAT function, which may lead to a denial of service (DoS) vulnerability. Impact When processing a specially...
SEIL/X Series and SEIL/B1 buffer overflow vulnerability
Overview SEIL/X Series and SEIL/B1 contain a buffer overflow vulnerability. SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability. Impact When processing a specially...
JVN#13011682 SEIL/X Series and SEIL/B1 denial of service vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the NAT function, which may lead to a denial of service (DoS) vulnerability. Impact When processing a specially crafted packet, a remote attacker may cause a denial of service. Solution Update the...
JVN#06362164 SEIL/X Series and SEIL/B1 buffer overflow vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability. Impact When processing a specially crafted URL, a remote attacker may be able to execute arbitrary code. Solution...
Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
Overview Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks. Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerability. For more...
JVN#75368899: Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerability. Impact Reception of a large number of packets from a malicious third party that is on the same link within the network ma...
Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
Overview Canon IT Solutions Inc. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS Inc. reported this vulnerabili...
JVN#33822756 Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerability. This vulnerability is different from JVN50342989 and JVN90712589. Takeshi Terada of Mitsui Bussan Secure Directions,...
JVN#23108985: Multiple Cybozu products vulnerable to cross-site scripting
Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerability. This vulnerability is different from JVN50342989 and JVN90712589. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...
SugarCRM vulnerable to cross-site scripting
Overview SugarCRM contains a cross-site scripting vulnerability. SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#84396512 SugarCRM vulnerable to cross-site scripting
SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a cross-site scripting vulnerability. Impact If a user views a malicious page and clicks the print icon while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
Directory traversal vulnerability in multiple phpspot products
Overview Multiple products provided by phpspot contain a directory traversal vulnerability. Multiple products (BBS Software etc.) provided by phpspot contain a directory traversal vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/...
Cross-site scripting vulnerability in multiple phpspot products
Overview Multiple products provided by phpspot contain a cross-site scripting vulnerability. Multiple products (BBS Software etc.) provided by phpspot contain a cross-site scripting vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
JVN#65914253 Directory traversal vulnerability in multiple phpspot products
Multiple products (BBS Software etc.) provided by phpspot contain a directory traversal vulnerability. Impact A remote attacker could view files on the server where the product is installed. This could lead to disclosure of contents. Solution Update the software Update to latest version according ...
JVN#53591199 Cross-site scripting vulnerability in multiple phpspot products
Multiple products (BBS Software etc.) provided by phpspot contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to latest version according to the information provided by developer. Products Affected...
XF-Section vulnerable to cross-site scripting
Overview XF-Section from Happy Linux contains a cross-site scripting vulnerability. XF-Section from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Third-party cookie issue in Opera
Overview Opera contains an issue in which third-party cookies are not handled properly. Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the...
JVN#39157969 Third-party cookie issue in Opera
Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera. Impact A remote attacker may be able to trace a user's...
JVN#00425482 XF-Section vulnerable to cross-site scripting
XF-Section from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use XF-Section Since the product is no longer being developed, users are...
GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products
Overview A vulnerability exists in multiple JP1 products that could allow an attacker to cause a denial of service (DoS) condition due to an error in processing GIF files. Impact A remote attacker could cause a denial of service (DoS) condition. Solution Please refer to the 'Vendor Information' section fo...
Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP
Overview Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities that could allow an attacker to execute arbitrary commands. Impact A remote attacker could execute arbitrary commands. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyaku_v41 from Webservice-DIC contains a command injection vulnerability. yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Keigo Yamazaki of LAC Co.,...
JVN#05857667 Webservice-DIC yoyaku_v41 vulnerable to command injection
yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Impact An arbitrary command could be executed with the privilege of the server where yoyaku_v41 runs. Solution...
Buffer overflow vulnerability in Microsoft Windows
Overview Microsoft Windows contains a buffer overflow vulnerability. Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files. The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary...
JVN#62211338 Buffer overflow vulnerability in Microsoft Windows
Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files. Impact If a user opens a specially crafted file, an attacker may execute arbitrary code. Solution Update the software Apply the update according to the information...
JVN#57040664 ATOK screen lock bypass vulnerability
ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass vulnerability. Impact An attacker could execute arbitrary code or program with the privileges ...
Issue of Access Control Failure in Hitachi Device Manager Server
Overview Hitachi Device Manager servers contain a vulnerability in which access control settings would be rendered invalid in the following cases: - IPv6 format is used for communications between a Hitachi Device Manager server and its clients. - Access controls for Hitachi Device Manager clients...
Issue of Access Control Failure in Groupmax Scheduler Server
Overview Groupmax Scheduler Server contains a vulnerability in which access privilege settings can be rendered invalid. Impact An unauthorized user may gain access to the Groupmax Scheduler Server. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
Overview bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. bingo!CMS core and bingo!CMS are content management systems (CMS). bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC...
JVN#68640473 bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
bingo!CMS core and bingo!CMS are content management systems (CMS). bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged into the CMS, an attacker could modify configurations or modify contents managed by CMS...