JVNDB RSS Feed - 2008 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-17T09:10:23+09:00
2024-03-17T09:10:23+09:00
Multiple JustSystems products vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000001.html
Multiple JustSystems products are vulnerable to buffer overflow.
Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file.
Multiple products are affected by this vulnerability.
For details, see the information provided by JustSystems.JVNDB-2008-000001http://jvn.jp/en/jp/JVN08237857/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0223http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0223http://www.ipa.go.jp/security/english/vuln/200801_JustSystem_press_en.htmlhttp://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107http://secunia.com/advisories/28275http://www.securityfocus.com/bid/27153http://xforce.iss.net/xforce/xfdb/39501http://www.frsirt.com/english/advisories/2008/0045https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitaro2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00MTCMS WYSIWYG Editor cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000003.html
MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability.
MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability.JVNDB-2008-000003http://jvn.jp/en/jp/JVN21312708/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6448http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6448http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000003.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:skyarc:mtcms_wysiwyg_editor2008-05-21T11:30+09:002008-05-21T00:00+09:002008-05-21T11:30+09:00Zimbra Collaboration Suite script execution vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000004.html
Zimbra Collaboration Suite, a web collaboration tool from Zimbra, Inc., contains a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser.
Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book, webmail, and other functions. Zimbra Collaboration Suite 4.0.3 and 4.5.6 contain a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser.JVNDB-2008-000004http://jvn.jp/en/jp/JVN95014590/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1226http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1226http://secunia.com/advisories/29263http://www.securityfocus.com/bid/28134https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:zimbra:zimbra_collaboration_suite2008-05-21T11:30+09:002008-05-21T00:00+09:002008-05-21T11:30+09:00Multiple Yamaha routers vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000005.html
The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery.
Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers.
The web interface is vulnerable to cross-site request forgery.JVNDB-2008-000005http://jvn.jp/en/jp/JVN88575577/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0524http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0524http://www.ipa.go.jp/security/english/vuln/200801_Yamaha_press_en.htmlhttp://secunia.com/advisories/28690http://www.securityfocus.com/bid/27491http://xforce.iss.net/xforce/xfdb/40015https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:nec:ip38xcpe:/h:yamaha:netvolantecpe:/h:yamaha:rtcpe:/h:yamaha:rtvcpe:/h:yamaha:rtxcpe:/h:yamaha:srt2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000006.html
Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting.
Multiple shopping cart software products are affected by this vulnerability.
For details, see the information provided by Hal Networks.JVNDB-2008-000006http://jvn.jp/en/jp/JVN01162446/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0522http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0522http://secunia.com/advisories/28692https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hal_networks:perl__cgi_cartcpe:/a:hal_networks:php_cartcpe:/a:hal_networks:shop_hal_v12008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00RaidenHTTPD cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000007.html
RaidenHTTPD, from Sonei Information Systems (TEAM JOHNLONG), contains a cross-site scripting vulnerability.
This issue is different from JVN#90438169.
RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG.
RaidenHTTPD contains a cross-site scripting vulnerability.JVNDB-2008-000007http://jvn.jp/en/jp/JVN91868305/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0622http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0622http://secunia.com/advisories/28770http://www.frsirt.com/english/advisories/2008/0411 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:raidenhttpd:raidenhttpd2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00PC2M cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000008.html
PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability.JVNDB-2008-000008http://jvn.jp/en/jp/JVN38893575/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6450http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6450http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000008.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:under_construction_baby:pc2m2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Apache Tomcat fails to properly handle cookie value
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000009.html
Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser.
Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages.
The developer reports that this issue exists because of an incomplete fix for CVE-2007-3385.JVNDB-2008-000009http://jvn.jp/en/jp/JVN09470767/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5333http://www.lac.co.jp/business/sns/intelligence/SNSadvisory/97.htmlhttp://secunia.com/advisories/28878http://www.securityfocus.com/bid/27706http://www.frsirt.com/english/advisories/2008/0488https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:tomcatcpe:/a:trendmicro:interscan_messaging_security_appliancecpe:/a:trendmicro:interscan_messaging_security_suitecpe:/a:trendmicro:interscan_web_security_appliancecpe:/a:trendmicro:interscan_web_security_suitecpe:/a:vmware:esxcpe:/a:vmware:servercpe:/a:vmware:vcentercpe:/a:vmware:virtualcentercpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:enterprise_linux_euscpe:/o:redhat:rhel_desktop_workstation2010-01-05T12:14+09:002008-05-21T00:00+09:002010-01-05T12:14+09:00Google Desktop cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000010.html
Google Desktop contains a cross-site scripting vulnerability.
Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability.JVNDB-2008-000010http://jvn.jp/en/jp/JVN79114735/index.htmlcpe:/a:google:desktop2008-05-21T11:31+09:002008-05-21T00:00+09:002008-05-21T11:31+09:00Internet Scanner reporting engine vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000011.html
IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the user views the output HTML file.
IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the user views the output HTML file.JVNDB-2008-000011http://jvn.jp/en/jp/JVN42381549/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1073http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1073http://secunia.com/advisories/29038/http://www.securityfocus.com/bid/28014http://www.securitytracker.com/id?1019508http://www.frsirt.com/english/advisories/2008/0681https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ibm:internet_scanner2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Cross-site scripting vulnerability in multiple Tor World CGI scripts
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000012.html
Multiple Tor World CGI scripts contain a cross-site scripting vulnerability.
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability.JVNDB-2008-000012http://jvn.jp/en/jp/JVN54593414/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0917http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0917http://secunia.com/advisories/29039http://www.securityfocus.com/bid/27919https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tor_world:comvotecpe:/a:tor_world:i-navigatorcpe:/a:tor_world:interactive_bbscpe:/a:tor_world:mobile_frontiercpe:/a:tor_world:simple_bbscpe:/a:tor_world:simple_votecpe:/a:tor_world:tor_boardcpe:/a:tor_world:tor_diarycpe:/a:tor_world:tor_newscpe:/a:tor_world:tor_search2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000013.html
Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server.
The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer series are digital multifunction copiers and printers. Some of these products contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server.JVNDB-2008-000013http://jvn.jp/en/jp/JVN10056705/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0303http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0303http://www.kb.cert.org/vuls/id/568073http://www.securityfocus.com/bid/28042http://securitytracker.com/id?1019528https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:canon:imagerunner2008-05-21T11:31+09:002008-05-21T00:00+09:002008-05-21T11:31+09:00Nagios cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000014.html
Nagios from Nagios.org contains a cross-site scripting vulnerability.
Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability.JVNDB-2008-000014http://jvn.jp/en/jp/JVN53757727/index.htmlcpe:/a:nagios:nagios2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00BFup ActiveX Control buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000015.html
BFup ActiveX Control contains a buffer overflow vulnerability.
BFup ActiveX Control, developed by an individual, provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability.
According to the developer of BFup ActiveX Control, this vulnerability only exists in BFup ActiveX Control developed by the individual developer, not in its commercial version, BFup Pro ActiveX Control, provided by B21Soft, Inc. For more information, refer to the developer's website.JVNDB-2008-000015http://jvn.jp/en/jp/JVN10606373/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1282http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1282http://secunia.com/advisories/29260http://www.securityfocus.com/bid/28131http://xforce.iss.net/xforce/xfdb/41050http://www.frsirt.com/english/advisories/2008/0797https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:b21soft:bfup2008-05-21T11:32+09:002008-05-21T00:00+09:002008-05-21T11:32+09:00Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.JVNDB-2008-000016http://jvn.jp/cert/JVNTA08-066A/index.htmlhttp://jvn.jp/en/jp/JVN04032535/index.htmlhttp://jvn.jp/tr/TRTA08-066A/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1187http://www.ipa.go.jp/security/english/vuln/200803_JRE_press_en.htmlhttps://www.us-cert.gov/cas/alerts/SA08-066A.htmlhttp://www.us-cert.gov/cas/techalerts/TA08-066A.htmlhttp://secunia.com/advisories/29273http://www.securityfocus.com/bid/28083http://xforce.iss.net/xforce/xfdb/41025http://www.securitytracker.com/id?1019548http://www.frsirt.com/english/advisories/2008/0770http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_clientcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_operatorcpe:/a:hitachi:ucosminexus_servicecpe:/a:redhat:enterprise_linuxcpe:/a:redhat:rhel_desktop_supplementarycpe:/a:redhat:rhel_supplementarycpe:/a:sun:jdkcpe:/a:sun:jrecpe:/a:sun:sdkcpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:misc:miraclelinux_asianux_server2008-10-09T13:35+09:002008-05-21T00:00+09:002008-10-09T13:35+09:00Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000017.html
The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration.
The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE is disabled in the default configuration. This vulnerability may allow a remote attacker to access the web administration interface without authentication.JVNDB-2008-000017http://jvn.jp/en/jp/JVN13159997/index.htmlhttp://www.ipa.go.jp/security/english/vuln/200803_iodata_press_en.htmlcpe:/h:i-o_data_device:wn-apg%2Frcpe:/h:i-o_data_device:wn-apg%2Fr_scpe:/h:i-o_data_device:wn-wapg%2Frcpe:/h:i-o_data_device:wn-wapg%2Fr_s2008-05-21T11:32+09:002008-05-21T00:00+09:002008-05-21T11:32+09:00Namazu cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000018.html
Namazu, a Japanese full-text search engine, contains a cross-site scripting vulnerability.
Namazu, a Japanese full-text search engine, does not specify the charset in the Content-Type header, which could allow a remote attacker to execute an arbitrary script on the user's web browser.
JVNDB-2008-000018
http://jvn.jp/en/jp/JVN00892830/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1468
http://secunia.com/advisories/29386
http://www.securityfocus.com/bid/28380
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:namazu:namazu
cpe:/o:misc:miraclelinux_asianux_server
2009-10-27T13:43+09:00 2008-05-21T00:00+09:00 2009-10-27T13:43+09:00
PerlMailer cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000019.html
PerlMailer is a mail form CGI provided by "Homepage Decorator". A cross-site scripting vulnerability exists in PerlMailer.
PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in PerlMailer.
JVNDB-2008-000019
http://jvn.jp/en/jp/JVN76669770/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1604
http://secunia.com/advisories/29517
http://www.securityfocus.com/bid/28472
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:homepage_decorator:perlmailer
2008-05-21T11:33+09:00 2008-05-21T00:00+09:00 2008-05-21T11:33+09:00
DesignForm cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000020.html
DesignForm is a mail form CGI provided by GNB. A cross-site scripting vulnerability exists in DesignForm.
DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in DesignForm.
JVNDB-2008-000020
http://jvn.jp/en/jp/JVN58803701/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1603
http://secunia.com/advisories/29528
http://www.securityfocus.com/bid/28471
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:gnb:designform
2008-05-21T11:33+09:00 2008-05-21T00:00+09:00 2008-05-21T11:33+09:00
Mozilla Firefox cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html
Mozilla Firefox web browser contains a cross-site scripting vulnerability.
Mozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.JVNDB-2008-000021http://jvn.jp/en/jp/JVN21563357/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416http://www.securityfocus.com/bid/29303https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mozilla:firefoxcpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linux_advanced_workstationcpe:/o:redhat:rhel_desktop_workstationcpe:/o:sun:opensolariscpe:/o:sun:solariscpe:/o:turbolinux:turbolinux_fujicpe:/o:turbolinux:turbolinux_servercpe:/o:turbolinux:turbolinux_wizpy2008-07-29T14:54+09:002008-05-21T00:00+09:002008-07-29T14:54+09:00Lhaplus buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000022.html
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability.
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from JVN#82610488 and JVN#70734805.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000022http://jvn.jp/en/jp/JVN74468481/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2021http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2021http://www.ipa.go.jp/security/english/vuln/200804_Lhaplus_press_en.htmlhttp://secunia.com/advisories/29972http://www.securityfocus.com/bid/28953http://xforce.iss.net/xforce/xfdb/42032http://www.frsirt.com/english/advisories/2008/1369/referenceshttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:lhaplus:lhaplus2008-05-21T11:33+09:002008-05-21T00:00+09:002008-05-21T11:33+09:00Sony mylo COM-2 does not verify server SSL certificate
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000023.html
Sony mylo COM-2 contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS.
Sony mylo COM-2, a mobile terminal equipped with a web browser and media player, contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS.
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000023http://jvn.jp/en/jp/JVN76788395/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1938http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1938http://secunia.com/advisories/29928http://www.securityfocus.com/bid/28905http://xforce.iss.net/xforce/xfdb/41971https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sony:mylo_com-2_system_software2008-05-21T11:34+09:002008-05-21T00:00+09:002008-05-21T11:34+09:00Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000027.html
Multiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting.
Multiple modules provided by Bluemoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting.
Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000027http://jvn.jp/en/jp/JVN31351020/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2035http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2035http://secunia.com/advisories/29993http://www.securityfocus.com/bid/28966http://xforce.iss.net/xforce/xfdb/42072https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:bluemoon:backpackcpe:/a:bluemoon:bmsurveycpe:/a:bluemoon:newbb_fileupcpe:/a:bluemoon:news_embedcpe:/a:bluemoon:popnupblog2008-05-21T11:34+09:002008-05-21T00:00+09:002008-05-21T11:34+09:00WEB MART from KENT WEB vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000028.html
WEB MART, from KENT WEB, contains a cross-site scripting vulnerability.
WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability.
Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000028http://jvn.jp/en/jp/JVN43906021/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5224http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5224http://secunia.com/advisories/30444http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000028.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:kent-web_mart2008-06-06T12:01+09:002008-06-06T12:01+09:002008-06-06T12:01+09:00Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000029.html
Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history.
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the search results are restored from history.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000029http://jvn.jp/en/jp/JVN25448394/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2567http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2567http://secunia.com/advisories/30487http://www.securityfocus.com/bid/29555http://xforce.iss.net/xforce/xfdb/42827https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:granicpe:/a:fenrir-inc:portable_sleipnircpe:/a:fenrir-inc:sleipnir2008-06-10T13:59+09:002008-06-10T13:59+09:002008-06-10T13:59+09:00BlognPlus SQL injection vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000030.html
BlognPlus contains a SQL injection vulnerability.
BlognPlus from R-ONE Computer is software for creating blogs. BlognPlus for MySQL and BlognPlus for PostgreSQL contain a SQL injection vulnerability.
According to the vendor, BlognPlus for Text is not affected by this vulnerability since it does not use a database.
Hideyuki Naito reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000030http://jvn.jp/en/jp/JVN14072646/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2819http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2819https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:blogn:blognplus2008-06-20T13:45+09:002008-06-20T13:45+09:002008-06-20T13:45+09:00CGIWrap error page cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000031.html
The CGIWrap error page is vulnerable to cross-site scripting.
CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability because it does not specify the charset in the error page.
Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000031http://jvn.jp/en/jp/JVN45389864/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2852http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2852http://secunia.com/advisories/30765http://www.securityfocus.com/bid/29811http://xforce.iss.net/xforce/xfdb/43176https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nathan_neulinger:cgiwarp2008-06-20T13:46+09:002008-06-20T13:46+09:002008-06-20T13:46+09:00nProtect : Netizen denial of service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000032.html
nProtect : Netizen contains a denial of service (DoS) vulnerability.
nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service (DoS) vulnerability.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000032http://jvn.jp/en/jp/JVN36635562/index.htmlcpe:/a:saat:nprotect_netizen2008-07-07T10:24+09:002008-07-07T10:24+09:002008-07-07T10:24+09:00Multiple Cybozu products vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html
Multiple Cybozu products contain a cross-site request forgery vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000033http://jvn.jp/en/jp/JVN18405927/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6744http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6744http://secunia.com/advisories/30882http://osvdb.org/46575http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.htmlcpe:/a:cybozu:deziecpe:/a:cybozu:garooncpe:/a:cybozu:office2008-07-08T12:14+09:002008-07-08T12:14+09:002008-07-08T12:14+09:00Cybozu Garoon session fixation vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000034.html
Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability.
Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker.
Yoshihiro Ishikawa of LAC (Little eArth Corporation) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000034http://jvn.jp/en/jp/JVN18700809/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6569http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6569http://secunia.com/advisories/30871/http://www.securityfocus.com/bid/29981http://osvdb.org/46564http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.htmlcpe:/a:cybozu:garoon2008-07-08T12:14+09:002008-07-08T12:14+09:002008-07-08T12:14+09:00Cybozu Garoon vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000035.html
Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views an RSS feed.
Yoshiki Kawada of LAC (Little eArth Corporation) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000035http://jvn.jp/en/jp/JVN52363223/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6570http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6570http://secunia.com/advisories/30871/http://www.securityfocus.com/bid/29981http://osvdb.org/46564http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000035.htmlcpe:/a:cybozu:garoon2008-07-08T12:14+09:002008-07-08T12:14+09:002008-07-08T12:14+09:00FreeStyleWiki cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000036.html
FreeStyleWiki contains a cross-site scripting vulnerability.
FreeStyleWiki, one of the Wiki clones, contains a cross-site scripting vulnerability.
NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000036http://jvn.jp/en/jp/JVN77432756/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3023http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3023http://secunia.com/advisories/30923http://www.securityfocus.com/bid/30071http://xforce.iss.net/xforce/xfdb/43574https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fswiki:wiki2008-07-08T12:14+09:002008-07-08T12:14+09:002008-07-08T12:14+09:00Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000037.html
Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability.
Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability.
NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000037http://jvn.jp/en/jp/JVN33706820/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3482http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3482http://secunia.com/advisories/31304http://www.frsirt.com/english/advisories/2008/2257http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000037.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:panasonic:bb_hcm511cpe:/h:panasonic:bb_hcm515cpe:/h:panasonic:bb_hcm527cpe:/h:panasonic:bb_hcm531cpe:/h:panasonic:bb_hcm580cpe:/h:panasonic:bb_hcm581cpe:/h:panasonic:bl_c111cpe:/h:panasonic:bl_c1312008-08-04T14:34+09:002008-08-04T14:34+09:002008-08-04T14:34+09:00Redmine vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000038.html
Redmine, open source project management software, contains a cross-site scripting vulnerability.
Redmine is open source project management software written with the Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability.
Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000038http://jvn.jp/en/jp/JVN00945448/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4481http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4481http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:redmine:redmine2008-07-08T12:15+09:002008-07-08T12:15+09:002008-07-08T12:15+09:00Safari installed in iPod touch and iPhone vulnerable in handling server certificates
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000039.html
The Safari web browser installed in iPod touch and iPhone contains a vulnerability which allows a self-signed or invalid server certificate to be accepted without the user's explicit consent.
Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server certificate without the user's explicit consent when connecting via SSL/TLS.
According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt."
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000039http://jvn.jp/en/jp/JVN88676089/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1589http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1589https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:apple:iphonecpe:/h:apple:ipod_touch2008-07-16T12:27+09:002008-07-16T12:27+09:002008-07-16T12:27+09:00Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000040.html
WebLogic Server and WebLogic Express are application servers provided by Oracle (formerly BEA Systems, Inc.).
Plug-ins included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability.
WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 (JavaEE5) and provided by Oracle (formerly BEA Systems, Inc.). Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability.
Due to the acquisition of BEA Systems, Inc. by Oracle on 2008 April 29, security-related information on BEA products will be included in Oracle Critical Patch Updates. For more information, please refer to the following pages.
Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000040http://jvn.jp/en/jp/JVN81667751/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2579http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2579https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:oracle:weblogic_expresscpe:/a:oracle:weblogic_server2008-07-24T14:22+09:002008-07-24T14:22+09:002008-07-24T14:22+09:00WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000041.html
WebProxy provided by LunarNight Laboratory contains a cross-site scripting vulnerability.
WebProxy is a Perl web proxy script provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000041http://jvn.jp/en/jp/JVN49704543/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3255http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3255http://secunia.com/advisories/31042http://www.securityfocus.com/bid/30283http://xforce.iss.net/xforce/xfdb/43879https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ln-lab:webproxy2008-07-24T14:23+09:002008-07-24T14:23+09:002008-07-24T14:23+09:00Multiple Century Systems routers vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000042.html
The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery.
Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
JVNDB-2008-000042http://jvn.jp/en/jp/JVN67573833/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6449http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6449http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000042.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:centurysys:xr-1100cpe:/h:centurysys:xr-410cpe:/h:centurysys:xr-410-l2cpe:/h:centurysys:xr-440cpe:/h:centurysys:xr-510cpe:/h:centurysys:xr-540cpe:/h:centurysys:xr-640cpe:/h:centurysys:xr-640-l2cpe:/h:centurysys:xr-7302008-07-24T14:23+09:002008-07-24T14:23+09:002008-07-24T14:23+09:00K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000043.html
analysis.cgi included in K's CGI Access Log Kaiseki (jcode.pl) contains a cross-site scripting vulnerability.
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki (Jcode.pl) contains a cross-site scripting vulnerability.
The developer has released the information "Important Note as of 2008 July 18" on the developer's homepage regarding this issue.
AzureStone of securecoding.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000043http://jvn.jp/en/jp/JVN46869708/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4663http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4663https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:kscgi_access_log_kaiseki_jcode.pl2008-07-29T14:56+09:002008-07-29T14:56+09:002008-07-29T14:56+09:00K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000044.html
analysis.cgi included in K's CGI Access Log Kaiseki (Jcode.pm) contains a cross-site scripting vulnerability.
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki (Jcode.pm) contains a cross-site scripting vulnerability.
The developer has released the information "Important Note as of 2008 July 18" on the developer's homepage regarding this issue.
AzureStone of securecoding.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000044http://jvn.jp/en/jp/JVN72065744/index.htmlcpe:/a:misc:kscgi_access_log_kaiseki_jcode.pm2008-07-29T14:56+09:002008-07-29T14:56+09:002008-07-29T14:56+09:00Geeklog Forum Plugin vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000045.html
Geeklog Forum Plugin contains a cross-site scripting vulnerability.
Geeklog Forum Plugin is a plugin for Geeklog, an open source content management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability.
NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Technology Early Warning Partnership.JVNDB-2008-000045http://jvn.jp/en/jp/JVN60419863/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3316http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3316http://secunia.com/advisories/31188http://www.securityfocus.com/bid/30355http://xforce.iss.net/xforce/xfdb/43971http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000045.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:geeklog:forum_plugin2008-07-29T14:57+09:002008-07-29T14:57+09:002008-07-29T14:57+09:00La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000046.html
La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability.
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware products providing schedule management, task management, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000046http://jvn.jp/en/jp/JVN83428818/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3736http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3736http://secunia.com/advisories/31582http://secunia.com/advisories/31574http://www.securityfocus.com/bid/30791http://xforce.iss.net/xforce/xfdb/44592http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000046.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:spacetag:lacoodastcpe:/a:system_consultants:la_cooda_wiz2008-09-02T16:58+09:002008-09-02T16:58+09:002008-09-02T16:58+09:00LacoodaST from SpaceTag, Inc. session fixation vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000047.html
LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability.
LacoodaST from SpaceTag, Inc. is groupware providing schedule management, task management, etc. LacoodaST contains a session fixation vulnerability.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000047http://jvn.jp/en/jp/JVN31723154/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3738http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3738http://secunia.com/advisories/31582http://www.securityfocus.com/bid/30791http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000047.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:spacetag:lacoodast2008-09-02T17:01+09:002008-09-02T17:01+09:002008-09-02T17:01+09:00La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000048.html
La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware products providing schedule management, task management, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000048http://jvn.jp/en/jp/JVN52557009/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3739http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3739http://secunia.com/advisories/31582http://secunia.com/advisories/31574http://www.securityfocus.com/bid/30791http://xforce.iss.net/xforce/xfdb/44593http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000048.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:spacetag:lacoodastcpe:/a:system_consultants:la_cooda_wiz2008-09-02T17:02+09:002008-09-02T17:02+09:002008-09-02T17:02+09:00Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000049.html
La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server.
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware products providing schedule management, task management, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2008-000049http://jvn.jp/en/jp/JVN53886050/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3737http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3737http://secunia.com/advisories/31582http://secunia.com/advisories/31574http://www.securityfocus.com/bid/30791http://xforce.iss.net/xforce/xfdb/44594http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000049.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:spacetag:lacoodastcpe:/a:system_consultants:la_cooda_wiz2008-09-02T17:03+09:002008-09-02T17:03+09:002008-09-02T17:03+09:00Virus Security and Virus Security ZERO denial of service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000050.html
Virus Security and Virus Security ZERO provided by SOURCENEXT CORPORATION contain a denial of service (DoS) vulnerability.
Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service (DoS) vulnerability as they do not properly handle malicious compressed files when scanning.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000050http://jvn.jp/en/jp/JVN66077895/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4429http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4429http://www.ipa.go.jp/security/english/vuln/200808_Zero_en.htmlhttp://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000050.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sourcenext:virus_securitycpe:/a:sourcenext:virus_security_zero2008-08-14T18:15+09:002008-08-14T18:15+09:002008-08-14T18:15+09:00Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000052.html
Webservice-DIC shop_v50 and shop_v52 contain a cross-site scripting vulnerability.
Webservice-DIC shop_v50 and shop_v52 are shopping cart software. shop_v50 and shop_v52 contain a cross-site scripting vulnerability.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000052http://jvn.jp/en/jp/JVN79914432/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3935http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3935http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000052.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:d-ic:shop_v50cpe:/a:d-ic:shop_v522008-09-08T17:01+09:002008-09-08T17:01+09:002008-09-08T17:01+09:00mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000053.html
mysql-lists from AquaGardenSoft Co.,Ltd. contains a cross-site scripting vulnerability.
mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000053http://jvn.jp/en/jp/JVN27417220/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3846http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3846http://secunia.com/advisories/31611http://www.securityfocus.com/bid/30835http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000053.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:aquagardensoft:mysql-lists2008-09-02T17:05+09:002008-09-02T17:05+09:002008-09-02T17:05+09:00Blogn vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000054.html
Blogn from R-ONE Computer contains a cross-site request forgery vulnerability.
Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability.
Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Technology Early Warning Partnership.JVNDB-2008-000054http://jvn.jp/en/jp/JVN84125369/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3885http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3885http://secunia.com/advisories/31662http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000054.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:blogn:blogn2008-09-02T17:22+09:002008-09-02T17:22+09:002008-09-02T17:22+09:00Blogn vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000055.html
Blogn from R-ONE Computer contains a cross-site scripting vulnerability.
Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability.
Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Technology Early Warning Partnership.JVNDB-2008-000055http://jvn.jp/en/jp/JVN03859837/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3884http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3884http://secunia.com/advisories/31662http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000055.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:blogn:blogn2008-09-02T17:22+09:002008-09-02T17:22+09:002008-09-02T17:22+09:00Movable Type vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000056.html
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.JVNDB-2008-000056http://jvn.jp/en/jp/JVN30385652/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4079http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4079http://www.securityfocus.com/bid/31073http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000056.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2008-09-10T11:28+09:002008-09-10T11:28+09:002008-09-10T11:28+09:00Sound Master 2nd from High Norm vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000057.html
Sound Master 2nd from High Norm contains a cross-site scripting vulnerability.
Sound Master 2nd from High Norm is a program to distribute digital music data. Sound Master 2nd contains a cross-site scripting vulnerability.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000057http://jvn.jp/en/jp/JVN55010230/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4118http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4118http://www.securityfocus.com/bid/31076http://xforce.iss.net/xforce/xfdb/44977http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000057.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:high_norm:sound_master_2nd2008-09-10T11:28+09:002008-09-10T11:28+09:002008-09-10T11:28+09:00Multiple Tor World CGI scripts vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000058.html
Multiple Tor World CGI scripts contain a vulnerability which may allow arbitrary script execution.
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to inject an arbitrary script into the web page which is generated by the affected product.
This vulnerability is different from JVN#54593414.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.JVNDB-2008-000058http://jvn.jp/en/jp/JVN18616622/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4076http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4076http://www.securityfocus.com/bid/31105http://xforce.iss.net/xforce/xfdb/45043http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000058.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tor_world:interactive_bbscpe:/a:tor_world:simple_bbscpe:/a:tor_world:topics_bbscpe:/a:tor_world:tor_board2008-09-18T11:48+09:002008-09-18T11:48+09:002008-09-18T11:48+09:00Kantan WEB Server directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000059.html
Kantan WEB Server provided by Arihiro Kurata contains a directory traversal vulnerability.
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000059http://jvn.jp/en/jp/JVN79026329/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4797http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4797http://www.securityfocus.com/bid/31245http://www.osvdb.org/48223http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000059.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:arihiro_kurta:kantan_web_server2008-09-22T12:26+09:002008-09-22T12:26+09:002008-09-22T12:26+09:00Kantan WEB Server cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000060.html
Kantan WEB Server provided by Arihiro Kurata contains a cross-site scripting vulnerability.
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a cross-site scripting vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000060http://jvn.jp/en/jp/JVN94163107/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4533http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4533http://www.securityfocus.com/bid/31244http://www.osvdb.org/48222http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000060.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:arihiro_kurta:kantan_web_server2008-09-22T12:26+09:002008-09-22T12:26+09:002008-09-22T12:26+09:00phpMyAdmin cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000061.html
phpMyAdmin provided by The phpMyAdmin Project contains a cross-site scripting vulnerability.
phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability.
Masako Oono of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000061http://jvn.jp/en/jp/JVN54824688/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4326http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4326http://www.vupen.com/english/advisories/2008/2657http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000061.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:phpmyadmin:phpmyadmin2008-09-26T16:37+09:002008-09-26T16:37+09:002008-09-26T16:37+09:00EC-CUBE cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000062.html
EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#61543834, JVN#36085487, and JVN#99916563.
Masako Oono of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000062http://jvn.jp/en/jp/JVN26621646/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4537http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4537http://www.ipa.go.jp/security/vuln/documents/2009/200907_ec-cube.htmlhttp://secunia.com/advisories/32065http://secunia.com/advisories/32065http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000062.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2008-10-01T16:32+09:002008-10-01T16:32+09:002008-10-01T16:32+09:00EC-CUBE cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000063.html
EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#61543834, JVN#26621646, and JVN#99916563.
Naruhisa Tadokoro of Kobe Digital Labo.,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000063http://jvn.jp/en/jp/JVN36085487/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4536http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4536http://www.ipa.go.jp/security/vuln/documents/2009/200907_ec-cube.htmlhttp://secunia.com/advisories/32065http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000063.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2008-10-01T16:32+09:002008-10-01T16:32+09:002008-10-01T16:32+09:00EC-CUBE cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000064.html
EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#61543834, JVN#26621646, and JVN#36085487.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000064http://jvn.jp/en/jp/JVN99916563/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4535http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4535http://www.ipa.go.jp/security/vuln/documents/2009/200907_ec-cube.htmlhttp://secunia.com/advisories/32065http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000064.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2008-10-01T16:31+09:002008-10-01T16:31+09:002008-10-01T16:31+09:00EC-CUBE vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000065.html
EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability.JVNDB-2008-000065http://jvn.jp/en/jp/JVN81111541/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4534http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4534http://www.ipa.go.jp/security/vuln/documents/2009/200907_ec-cube.htmlhttp://www.ipa.go.jp/security/english/vuln/200810_EC-CUBE_en.htmlhttp://secunia.com/advisories/32065http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000065.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2008-10-01T16:31+09:002008-10-01T16:31+09:002008-10-01T16:31+09:00Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000066.html
Nucleus from The Nucleus Group contains a cross-site scripting vulnerability.
According to the developer, it is confirmed that this vulnerability exists in Nucleus EUC-JP only, and Nucleus UTF-8 Japanese Edition and Nucleus English Edition are not affected.
For more information, refer to the developer's website.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000066http://jvn.jp/en/jp/JVN92651529/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4446http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4446http://secunia.com/advisories/32123http://www.securityfocus.com/bid/31590http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000066.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nucleus_cms:nucleus2008-10-06T15:24+09:002008-10-06T15:24+09:002008-10-06T15:24+09:00Movable Type Enterprise cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html
Movable Type Enterprise contains a cross-site scripting vulnerability.
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#30385652 and JVN#81490697.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000067http://jvn.jp/en/jp/JVN02216739/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5808http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5808http://secunia.com/advisories/32935http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000067.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2008-12-04T14:52+09:002008-12-04T14:52+09:002008-12-04T14:52+09:00hisa_cart information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000068.html
hisa_cart from Hisanaga Electric Co.Ltd contains an information disclosure vulnerability.
hisa_cart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisa_cart contains a vulnerability allowing the disclosure of users' information.JVNDB-2008-000068http://jvn.jp/en/jp/JVN67334580/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4635http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4635http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000068.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hisanaga_electric_co:hisa_cart2008-10-21T19:25+09:002008-10-21T19:25+09:002008-10-21T19:25+09:00Apache Tomcat allows access from a non-permitted IP address
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-permitted IP address to gain access.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies.
Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context.
This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However, there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, the Apache Tomcat Development Team has decided to publish an advisory regarding this issue.
Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA.
JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.JVNDB-2008-000069http://jvn.jp/en/jp/JVN30732239/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271http://secunia.com/advisories/32234http://secunia.com/advisories/32213/http://www.securityfocus.com/bid/31698http://www.frsirt.com/english/advisories/2008/2793https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:tomcatcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_studiocpe:/a:fujitsu:interstage_web_servercpe:/a:nec:webotx_application_server2009-07-08T11:38+09:002008-10-10T15:44+09:002009-07-08T11:38+09:00Internet Explorer vulnerable in handling CDO protocol
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000070.html
Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed.
When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field.
This could cause a download dialog box not to be displayed prior to downloading. The CDO protocol handler is included in an Office component, and Microsoft provides the fix for this component.
NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the Microsoft Corporation under Information Security Early Warning Partnership.JVNDB-2008-000070http://jvn.jp/en/jp/JVN55410403/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4020http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4020http://www.us-cert.gov/cas/alerts/SA08-288A.htmlhttp://www.us-cert.gov/cas/techalerts/TA08-288A.htmlhttp://secunia.com/advisories/32138/http://www.securityfocus.com/bid/31693http://www.frsirt.com/english/advisories/2008/2807http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:office2008-10-22T17:49+09:002008-10-22T17:49+09:002008-10-22T17:49+09:00MyNETS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000071.html
MyNETS, open source SNS software, contains a cross-site scripting vulnerability.
MyNETS from Usagi Project is open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability.JVNDB-2008-000071http://jvn.jp/en/jp/JVN53267766/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4629http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4629http://secunia.com/advisories/32348http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000071.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:usagi:mynets2008-10-22T17:49+09:002008-10-22T17:49+09:002008-10-22T17:49+09:00Movable Type cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000072.html
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting.
This vulnerability is different from JVN#30385652.
An updated version addressing this vulnerability was released on December 3, 2008.
Ryuji Sakai, Tomohito Yoshino and Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.JVNDB-2008-000072http://jvn.jp/en/jp/JVN81490697/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4634http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4634http://secunia.com/advisories/32305http://www.securityfocus.com/bid/31826http://xforce.iss.net/xforce/xfdb/45968http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000072.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2011-05-31T10:57+09:002008-10-21T19:25+09:002011-05-31T10:57+09:00Blosxom vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000073.html
Blosxom, a weblog system, contains a cross-site scripting vulnerability.
Blosxom is an open source weblog system. Blosxom contains a cross-site scripting vulnerability.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000073http://jvn.jp/en/jp/JVN03300113/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2236http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2236http://secunia.com/advisories/32074http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000073.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:blosxom:blosxom2008-10-20T17:30+09:002008-10-20T17:30+09:002008-10-20T17:30+09:00Snoopy command injection vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000074.html
Snoopy, a PHP library, contains a command injection vulnerability.
Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000074http://jvn.jp/en/jp/JVN20502807/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4796http://secunia.com/advisories/32361http://www.frsirt.com/english/advisories/2008/2901http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:snoopy:snoopy2008-11-28T13:54+09:002008-10-28T15:34+09:002008-11-28T13:54+09:00EC-CUBE vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000075.html
EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability.
This vulnerability is different from JVN#81111541.
An updated version addressing this vulnerability was released on November 7, 2008.JVNDB-2008-000075http://jvn.jp/en/jp/JVN19072922/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4991http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4991http://www.ipa.go.jp/security/english/vuln/200811_EC-CUBE_en.htmlhttp://www.ipa.go.jp/security/vuln/documents/2009/200907_ec-cube.htmlhttp://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000075.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2009-06-25T15:44+09:002008-11-06T16:04+09:002009-06-25T15:44+09:00sISAPILocation vulnerability bypasses HTTP header rewrite function
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000076.html
sISAPILocation, an ISAPI (Internet Server Application Program Interface) filter, contains a vulnerability that allows the HTTP header rewrite function to be bypassed.
sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS (Internet Information Services). sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed.JVNDB-2008-000076http://jvn.jp/en/jp/JVN67060882/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6298http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6298http://secunia.com/advisories/32581http://www.securityfocus.com/bid/32247http://www.vupen.com/english/advisories/2008/3105http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000076.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:rocketeer.dip:sisapilocation2008-11-10T13:29+09:002008-11-10T13:29+09:002008-11-10T13:29+09:00GungHo LoadPrgAx vulnerable to arbitrary Java program execution
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000077.html
LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program.
LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a vulnerability that allows an attacker to execute an arbitrary Java program that resides on a user's PC.
LoadPrgAx version 1,0,0,7, which addresses this vulnerability, has been distributed by the vendor since November 5, 2008. JVNDB-2008-000077http://jvn.jp/en/jp/JVN47875752/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5495http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5495http://secunia.com/advisories/32743http://www.securityfocus.com/bid/32318http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000077.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gungho:loadprgax_control2008-11-19T15:50+09:002008-11-19T15:50+09:002008-11-19T15:50+09:00CGI RESCUE MiniBBS2000 directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000078.html
MiniBBS2000 from CGI RESCUE contains a directory traversal vulnerability.
MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability.
The vendor reported that the downloadable files addressing this vulnerability were incorrect (v1.02). Files currently available are version v1.03, where this vulnerability has been fixed. For more information, refer to the vendor's website.JVNDB-2008-000078http://jvn.jp/en/jp/JVN86833991/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5723http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5723http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000078.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cgi_rescue:kanni_bbs2000cpe:/a:cgi_rescue:kanni_bbs2000i2009-04-30T15:35+09:002008-11-26T17:50+09:002009-04-30T15:35+09:00I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000079.html
The HDL-F series products from I-O DATA DEVICE, INC. are LAN connectable hard disk drives. The web interface for administration in the products contains a cross-site request forgery vulnerability.
The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. Configuration of these devices is done through a web-based interface. This web interface is vulnerable to cross-site request forgery.
Firmware updates addressing this vulnerability have been provided by the vendor since August 28, 2008.
Takayuki Ogiso reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2008-000079http://jvn.jp/en/jp/JVN70599814/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5382http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5382http://www.ipa.go.jp/security/english/vuln/200811_iodata_en.htmlhttp://secunia.com/advisories/32836http://osvdb.org/50183http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000079.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:hlf-f2008-12-02T15:50+09:002008-12-02T15:50+09:002008-12-02T15:50+09:00Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html
Access Analyzer CGI from futomi's CGI Cafe contains a predictable session ID vulnerability.
Access Analyzer CGI provided by futomi's CGI Cafe is software for analyzing web access logs. Access Analyzer CGI contains a predictable session ID vulnerability.JVNDB-2008-000083http://jvn.jp/en/jp/JVN07468800/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5809http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5809http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000083.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professionalcpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard2008-12-17T15:30+09:002008-12-17T15:30+09:002008-12-17T15:30+09:00PHP vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
PHP contains a cross-site scripting vulnerability.
PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors.
Tomoki Sanaki of International Network Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000084http://jvn.jp/en/jp/JVN50327700/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5814http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5814http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000084.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:php:phpcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:rhel_desktop_workstationcpe:/o:turbolinux:turbolinux_appliance_servercpe:/o:turbolinux:turbolinux_clientcpe:/o:turbolinux:turbolinux_server2010-10-19T17:40+09:002008-12-19T15:37+09:002010-10-19T17:40+09:00Mayaa cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html
Mayaa from Seasar Project contains a cross-site scripting vulnerability.
Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability.
Tetsuo Nakamura of NEC Soft,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000085http://jvn.jp/en/jp/JVN17298485/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5720http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5720http://secunia.com/advisories/33333http://www.securityfocus.com/bid/33015http://xforce.iss.net/xforce/xfdb/47623http://osvdb.org/51007http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000085.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:the_seasar_foundation:mayaa2008-12-25T16:22+09:002008-12-25T16:22+09:002008-12-25T16:22+09:00BlackJumboDog authentication bypass vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000086.html
BlackJumboDog from SapporoWorks contains an authentication bypass vulnerability.
BlackJumboDog from SapporoWorks is software that provides server functions for an intranet. BlackJumboDog contains an authentication bypass vulnerability.
Tsuyoshi Ishibashi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2008-000086http://jvn.jp/en/jp/JVN98063934/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5721http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5721http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000086.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sapporoworks:blackjumbodog2008-12-25T16:22+09:002008-12-25T16:22+09:002008-12-25T16:22+09:00X.Org Foundation X server buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html
X server provided by the X.Org Foundation contains a buffer overflow vulnerability.
The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow.
X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue.
Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
JVNDB-2008-001043http://jvn.jp/en/jp/JVN88935101/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0006http://www.ipa.go.jp/security/english/vuln/200806_XOrg_press_en.htmlhttp://www.us-cert.gov/cas/alerts/SA08-079A.htmlhttp://www.kb.cert.org/vuls/id/203220http://www.us-cert.gov/cas/techalerts/TA08-079A.htmlhttp://secunia.com/advisories/28532/http://www.securityfocus.com/bid/27352http://securitytracker.com/id?1019232http://www.frsirt.com/english/advisories/2008/0179http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:pc-xcpe:/a:suse:suse_open_enterprise_servercpe:/a:suse:suse_slescpe:/a:x.org:x.org_x11cpe:/a:xfree86_project:xfree86cpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:canonical:ubuntu_linuxcpe:/o:fedoraproject:fedoracpe:/o:gentoo:linux_x11cpe:/o:gentoo:linux_x11-libscpe:/o:hp:hp-uxcpe:/o:ibm:aixcpe:/o:mandriva:linux-xfree86cpe:/o:mandriva:linux-xorgcpe:/o:misc:miraclelinux_asianux_servercpe:/o:openbsd:openbsdcpe:/o:opensuse_project:opensusecpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linux_advanced_workstationcpe:/o:redhat:rhel_desktop_workstationcpe:/o:sun:solariscpe:/o:suse:linux_desktopcpe:/o:suse:linux_enterprise_desktopcpe:/o:suse:linux_enterprise_servercpe:/o:suse:linux_poscpe:/o:suse:suse_linuxcpe:/o:suse:suse_sle_sdk2008-11-21T12:19+09:002008-06-13T17:11+09:002008-11-21T12:19+09:00EUR Print Manager Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001096.html
EUR Print Manager fails to accept job execution requests when it receives unexpected data, which could be exploited to cause a Denial of Service (DoS) condition.JVNDB-2008-001096http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0875http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0875http://secunia.com/advisories/29030http://www.securityfocus.com/bid/27899http://www.frsirt.com/english/advisories/2008/0616https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:eur_print_managercpe:/a:hitachi:eur_print_manager_clientcpe:/a:hitachi:eur_print_manager_local_server2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00SEWB3/PLATFORM Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001097.html
SEWB3/PLATFORM handles SEWB3 messages improperly when it receives malformed data, which allows attackers to cause a Denial of Service (DoS).JVNDB-2008-001097http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0876http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0876http://secunia.com/advisories/29028http://www.securityfocus.com/bid/27900http://www.frsirt.com/english/advisories/2008/0617https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:sewb3_mi-platformcpe:/a:hitachi:sewb3_platform2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00JP1/HIBUN Encryption/Decryption and Removable Media Control Malfunction Problems
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001150.html
The encryption/decryption and removable media control function in JP1/HIBUN Advanced Edition Information Cypher and Advanced Edition Information Fortress may malfunction.JVNDB-2008-001150cpe:/a:hitachi:jp1_hibun2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001311.html
The PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server (BEWS), includes the insecure Save() method that mishandles long strings assigned to various properties listed below, which can be exploited to cause stack-based buffer overflows.
_DOWText0, _DOWText1, _DOWText2, _DOWText3, _DOWText4
_DOWText5, _DOWText6, _MonthText0, _MonthText1, _MonthText2
_MonthText3, _MonthText4, _MonthText5, _MonthText6, _MonthText7
_MonthText8, _MonthText9, _MonthText10, _MonthText11JVNDB-2008-001311http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6016http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6016http://secunia.com/advisories/27885http://www.securityfocus.com/bid/26904http://securitytracker.com/id?1019524http://www.frsirt.com/english/advisories/2008/0718http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001311.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_veritas_backup_execcpe:/a:hitachi:jp1_veritas_netbackupcpe:/a:symantec:veritas_backup_exec2008-11-21T12:20+09:002008-05-21T00:00+09:002008-11-21T12:20+09:00Symantec Backup Exec for Windows Server ActiveX Control Multiple Vulnerabilities
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001312.html
The PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server (BEWS), includes the insecure Save() method that mishandles strings assigned to certain properties listed below, which can be exploited to cause a denial of service (DoS) or overwrite arbitrary files.
_DOWText0, _DOWText1, _DOWText2, _DOWText3, _DOWText4
_DOWText5, _DOWText6, _MonthText0, _MonthText1, _MonthText2
_MonthText3, _MonthText4, _MonthText5, _MonthText6, _MonthText7
_MonthText8, _MonthText9, _MonthText10, _MonthText11 JVNDB-2008-001312http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6017http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6017http://secunia.com/advisories/27885http://www.securityfocus.com/bid/28008http://securitytracker.com/id?1019525http://www.frsirt.com/english/advisories/2008/0718http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001312.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_veritas_backup_execcpe:/a:hitachi:jp1_veritas_netbackupcpe:/a:symantec:veritas_backup_exec2008-11-21T12:20+09:002008-05-21T00:00+09:002008-11-21T12:20+09:00JP1/Cm2/Network Node Manager Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001313.html
The JP1/Cm2/Network Node Manager (NNM) has a vulnerability that can be exploited to cause a denial of service (DoS). JVNDB-2008-001313cpe:/a:hitachi:cm2_network_node_managercpe:/a:hitachi:comet_mgcpe:/a:hitachi:jp1_cm2_network_node_manager2008-05-21T11:34+09:002008-05-21T00:00+09:002008-05-21T11:34+09:00JP1/Cm2/Network Node Manager Web Coordinated Function Multiple Vulnerabilities
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001347.html
Multiple vulnerabilities have been found in the JP1/Cm2/Network Node Manager (NNM) Web coordinated function.JVNDB-2008-001347cpe:/a:hitachi:jp1_cm2_network_node_manager2008-06-06T12:00+09:002008-06-06T12:00+09:002008-06-06T12:00+09:00Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001348.html
A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI (=DocumentManagement).JVNDB-2008-001348cpe:/a:hitachi:document_manager_server_setcpe:/a:hitachi:groupmax_groupware_clientcpe:/a:hitachi:groupmax_groupware_web_clientcpe:/a:hitachi:groupmax_server_setcpe:/a:hitachi:groupmax_workflow_clientcpe:/a:hitachi:groupmax_workflow_web_clientcpe:/a:hitachi:groupmax_world_wide_web_desktopcpe:/a:hitachi:groupware_server_setcpe:/a:hitachi:mail_server_setcpe:/a:hitachi:scheduler_server_setcpe:/a:hitachi:workflow_server_set2008-06-06T12:00+09:002008-06-06T12:00+09:002008-06-06T12:00+09:00XMAP3 Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001349.html
XMAP3's print function has a vulnerability that could cause a temporary denial of service (DoS) condition when receiving unexpected data.JVNDB-2008-001349cpe:/a:hitachi:xmap3_enterprise_editioncpe:/a:hitachi:xmap3_netcpe:/a:hitachi:xmap3_servercpe:/a:hitachi:xmap3_webcpe:/a:hitachi:xmap3_wide2008-06-06T12:00+09:002008-06-06T12:00+09:002008-06-06T12:00+09:00Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001350.html
A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products.JVNDB-2008-001350cpe:/a:hitachi:cosminexus_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_clientcpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:ucosminexus_collaboration_portalcpe:/a:hitachi:ucosminexus_content_manager2008-06-06T12:00+09:002008-06-06T12:00+09:002008-06-06T12:00+09:00Vulnerability in Sample Code in Hitachi uCosminexus Portal Framework Manuals
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001417.html
The sample code provided in Hitachi uCosminexus Portal Framework Manuals has
a vulnerability which could allow a logged-in user to view or update data
with the privileges of those who have logged in later than the user.JVNDB-2008-001417cpe:/a:hitachi:ucosminexus_portal_framework2008-07-07T10:38+09:002008-07-07T10:38+09:002008-07-07T10:38+09:00Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001513.html
A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server.JVNDB-2008-001513http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6388http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001513.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_server_enterprisecpe:/a:hitachi:cosminexus_application_server_standardcpe:/a:hitachi:cosminexus_application_server_version_5cpe:/a:hitachi:cosminexus_developer_light_version_6cpe:/a:hitachi:cosminexus_developer_professional_version_6cpe:/a:hitachi:cosminexus_developer_standard_version_6cpe:/a:hitachi:cosminexus_developer_version_5cpe:/a:hitachi:cosminexus_server_-_enterprise_editioncpe:/a:hitachi:cosminexus_server_-_standard_editioncpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4cpe:/a:hitachi:cosminexus_server_-_web_editioncpe:/a:hitachi:cosminexus_server_-_web_edition_version_4cpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_lightcpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2014-05-21T18:19+09:002008-07-30T13:45+09:002014-05-21T18:19+09:00Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001514.html
A cross-site scripting vulnerability has been found in Hitachi Collaboration - Online Community Management.JVNDB-2008-001514http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001514.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_clientcpe:/a:hitachi:ucosminexus_collaboration_portalcpe:/a:hitachi:ucosminexus_content_manager2008-07-30T13:46+09:002008-07-30T13:46+09:002008-07-30T13:46+09:00Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001575.html
The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling.JVNDB-2008-001575http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1040http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1040http://secunia.com/advisories/29088http://www.securityfocus.com/bid/27966http://www.frsirt.com/english/advisories/2008/0662http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001575.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_studio2008-09-03T12:33+09:002008-09-03T12:33+09:002008-09-03T12:33+09:00Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001576.html
The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files.JVNDB-2008-001576http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2674http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2674http://secunia.com/advisories/30589http://www.securityfocus.com/bid/27966http://www.frsirt.com/english/advisories/2008/1771http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001576.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_studiocpe:/a:fujitsu:interstage_web_server2012-02-15T18:13+09:002008-09-03T12:34+09:002012-02-15T18:13+09:00Hitachi JP1/File Transmission Server/FTP Transmission Failure Problem
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001584.html
Hitachi JP1/File Transmission Server/FTP has a problem where file transmission fails due to the termination of the connection or failure of getting a response from the server when executing FTP commands with certain argument(s).
JVNDB-2008-001584http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001584.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_file_transmission_server_ftp2008-09-05T12:23+09:002008-09-05T12:23+09:002008-09-05T12:23+09:00Hitachi JP1/File Transmission Server/FTP Unauthorized File Permission Change Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001585.html
Hitachi JP1/File Transmission Server/FTP has a vulnerability which allows unauthorized users to change file permissions.JVNDB-2008-001585http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001585.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_file_transmission_server_ftp2008-09-05T12:24+09:002008-09-05T12:24+09:002008-09-05T12:24+09:00Fujitsu Interstage Application Server Access Control Update Problem
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001613.html
Under certain conditions, the Single Sign-On function in the Fujitsu Interstage Application Server fails to properly update access control information.JVNDB-2008-001613http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001613.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_server2008-09-09T16:21+09:002008-09-09T16:21+09:002008-09-09T16:21+09:00JP1/NETM/DM SubManager and JP1/NETM/DM Client Process Termination Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001614.html
JP1/NETM/DM SubManager and JP1/NETM/DM Client, enabled with the JP1 event notification setting, have a process termination vulnerability where the process may terminate when an error occurs while receiving job execution requests.JVNDB-2008-001614http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001614.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_netm_dm2008-09-09T16:21+09:002008-09-09T16:21+09:002008-09-09T16:21+09:00Jasmine WebLink Template Multiple Vulnerabilities
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001647.html
Jasmine WebLink is vulnerable to buffer overflow (BOF), denial of service
(DoS) and cross-site scripting (XSS) when executing templates.JVNDB-2008-001647http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001647.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:jasmine2009-03-30T14:29+09:002008-09-18T11:48+09:002009-03-30T14:29+09:00Data Transfer Control Process Cessation Issue in XFIT/S/JCA and XFIT/S/ZGN
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001665.html
Data transfer control process in XFIT/S/JCA or XFIT/S/ZGN would shut
down when the designated port receives data unexpectedly.JVNDB-2008-001665http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001665.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:xfit_s_jcacpe:/a:hitachi:xfit_s_zgn2008-09-24T12:03+09:002008-09-24T12:03+09:002008-09-24T12:03+09:00BrightStor ARCserve and eTrust Antivirus Arbitrary Code Execution Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001778.html
BrightStor ARCserve Backup and eTrust Antivirus r7.1 have a problem in handling RPC requests and are vulnerable to arbitrary code execution.JVNDB-2008-001778http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4620http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4620http://secunia.com/advisories/29665http://www.securityfocus.com/bid/28605http://xforce.iss.net/xforce/xfdb/41639http://www.securitytracker.com/id?1019789http://www.securitytracker.com/id?1019790http://www.frsirt.com/english/advisories/2008/1103http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001778.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ca:arcserve_backupcpe:/a:ca:brightstor_arcserve_backupcpe:/a:ca:etrust_antiviruscpe:/a:ca:threat_managercpe:/a:hitachi:brightstor_arcserve_backupcpe:/a:hitachi:etrust_anitivirus2008-10-30T12:19+09:002008-10-30T12:19+09:002008-10-30T12:19+09:00CA ARCserve Backup and CA ARCserve Backup Client Agent Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001779.html
CA ARCserve Backup and CA ARCserve Backup Client Agent fail to properly handle packets with a large integer value used in an increment to TCP port 41523, which leads to a denial of service (DoS).JVNDB-2008-001779http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1979http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1979http://secunia.com/advisories/29855http://www.securityfocus.com/bid/28927http://www.securitytracker.com/id?1020324http://www.frsirt.com/english/advisories/2008/1354http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001779.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ca:arcserve_backupcpe:/a:ca:business_protection_suitecpe:/a:ca:server_protection_suitecpe:/a:hitachi:arcserve_backupcpe:/a:hitachi:brightstor_arcserve_backup2008-10-30T12:20+09:002008-10-30T12:20+09:002008-10-30T12:20+09:00JP1/Integrated Management Service Support Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001877.html
JP1/Integrated Management Service Support is vulnerable to cross-site
scripting due to failure to properly process requests.JVNDB-2008-001877http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5717http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5717http://secunia.com/advisories/33193http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001877.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_integrated_management2008-11-21T10:16+09:002008-11-21T10:16+09:002008-11-21T10:16+09:00JP1/VERITAS NetBackup JAVA Administration GUI Privilege Escalation Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001895.html
The JAVA Administration Graphical User Interface (GUI) in JP1/VERITAS NetBackup contains a privilege escalation vulnerability.JVNDB-2008-001895http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4339http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4339http://www.securityfocus.com/bid/31221http://www.securitytracker.com/id?1020928http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001895.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_veritas_netbackupcpe:/a:symantec:veritas_netbackup_enterprise_servercpe:/a:symantec:veritas_netbackup_server2008-12-01T11:10+09:002008-12-01T11:10+09:002008-12-01T11:10+09:00Groupmax Collaboration - Schedule Mis-scheduling Problem: Unintended Members Included When Reservations are Made by Secretary
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001910.html
In the event a secretary makes a reservation using Groupmax Collaboration - Schedule, there might be a scheduling error that causes unintended members to also have the event included in their schedules.JVNDB-2008-001910http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001910.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_client_mail_schedulecpe:/a:hitachi:ucosminexus_collaboration_portal2008-12-05T11:34+09:002008-12-05T11:34+09:002008-12-05T11:34+09:00Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001911.html
Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability.JVNDB-2008-001911http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5719http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5719http://secunia.com/advisories/33281http://securitytracker.com/id?1021483http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001911.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_web_workflowcpe:/a:hitachi:groupmax_workflow2008-12-05T11:35+09:002008-12-05T11:35+09:002008-12-05T11:35+09:00